[geeklog-cvs] geeklog: Set a special flag in the recreated $_FILES array inste...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Dec 29 08:00:34 EST 2009
changeset 7549:3bd0cc4f97b8
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/3bd0cc4f97b8
user: Dirk Haun <dirk at haun-online.de>
date: Sun Dec 27 11:39:51 2009 +0100
description:
Set a special flag in the recreated $_FILES array instead of relying on $_CONF['path_data']
diffstat:
system/classes/upload.class.php | 9 ++++++---
system/lib-security.php | 2 ++
2 files changed, 8 insertions(+), 3 deletions(-)
diffs (42 lines):
diff -r b6450e9f1681 -r 3bd0cc4f97b8 system/classes/upload.class.php
--- a/system/classes/upload.class.php Sun Dec 27 11:23:02 2009 +0100
+++ b/system/classes/upload.class.php Sun Dec 27 11:39:51 2009 +0100
@@ -509,8 +509,6 @@
*/
function _copyFile()
{
- global $_CONF;
-
if (!is_writable($this->_fileUploadDirectory)) {
// Developer didn't check return value of setPath() method which would
// have told them the upload directory was not writable. Error out now
@@ -528,11 +526,16 @@
$sizeOK = false;
}
}
- if (substr($this->_currentFile['tmp_name'], 0, strlen($_CONF['path_data'])) == $_CONF['path_data']) {
+
+ if (isset($this->_currentFile['_gl_data_dir']) &&
+ $this->_currentFile['_gl_data_dir']) {
+ // uploaded file was involved in a recreated POST after an expired
+ // token - can't use move_uploaded_file() here
$returnMove = rename($this->_currentFile['tmp_name'], $this->_fileUploadDirectory . '/' . $this->_getDestinationName());
} else {
$returnMove = move_uploaded_file($this->_currentFile['tmp_name'], $this->_fileUploadDirectory . '/' . $this->_getDestinationName());
}
+
if (!($sizeOK)) {
// OK, resize
$sizefactor = $this->_calcSizefactor ($imageInfo['width'],
diff -r b6450e9f1681 -r 3bd0cc4f97b8 system/lib-security.php
--- a/system/lib-security.php Sun Dec 27 11:23:02 2009 +0100
+++ b/system/lib-security.php Sun Dec 27 11:39:51 2009 +0100
@@ -1340,6 +1340,8 @@
// fix path - uploaded files are in our data directory
$filename = basename($kv);
$kv = $_CONF['path_data'] . $filename;
+ // set a flag so we know where it's coming from
+ $_FILES[$file]['_gl_data_dir'] = true;
}
$_FILES[$file][$kk] = $kv;
}
More information about the geeklog-cvs
mailing list