Browse Source

added security fix for uploading attachments from Martin Sarsale

Luke Ehresman 25 years ago
parent
commit
d7313e0358
1 changed files with 6 additions and 2 deletions
  1. 6 2
      src/compose.php

+ 6 - 2
src/compose.php

@@ -152,8 +152,8 @@
          echo "// --></SCRIPT>\n\n";
          echo "// --></SCRIPT>\n\n";
       }
       }
 
 
-      //echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
-      echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST>\n";
+      echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
+      //echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST>\n";
       if ($reply_id) {
       if ($reply_id) {
          echo "<input type=hidden name=reply_id value=$reply_id>\n";
          echo "<input type=hidden name=reply_id value=$reply_id>\n";
       }                 
       }                 
@@ -346,6 +346,10 @@
       $localfilename = $localfilename;
       $localfilename = $localfilename;
       
       
       // Put the file in a better place
       // Put the file in a better place
+      $tmp=explode('/',$attachfile);
+      $attachfile=$tmp[count($tmp)-1];
+      $attachfile=ereg_replace('\.{2,}','',$attachfile);
+
       error_reporting(0); // Rename will produce error output if it fails
       error_reporting(0); // Rename will produce error output if it fails
       if (!rename($attachfile, $attachment_dir.$localfilename)) {
       if (!rename($attachfile, $attachment_dir.$localfilename)) {
          if (!copy($attachfile, $attachment_dir.$localfilename)) {
          if (!copy($attachfile, $attachment_dir.$localfilename)) {