Context Navigation

Changeset 1143

Timestamp:

12/21/08 05:04:08 (4 years ago)

Author:

gogo

Message:

Security patch - see ticket:1363

Location:

trunk/plugins

Files:

r714	r1143
1		php_flag engine off
	1	<IfModule mod_php.c>
	2	php_flag engine off
	3	</IfModule>
2	4	AddType text/html .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi

r999	r1143
260	260	Return $base.'.gif';
261	261
	262	// Ensure type is in acceptable image types
	263	$valid_extensions = $this->manager->config['allowed_image_extensions'];
	264	if(!in_array($ext, $valid_extensions))
	265	{
	266	return $base . ".".strtolower($type ? $type : 'jpg');
	267	}
	268
262	269	Return $filename;
263	270	}

r999	r1143
456	456	Return false;
457	457	}
	458	}
	459
	460	$valid_extensions = $this->config['allowed_image_extensions'];
	461	$afruext = strtolower(substr(strrchr($file['name'], "."), 1));
	462	if(!in_array($afruext, $valid_extensions))
	463	{
	464	Files::delFile($file['tmp_name']);
	465	Return 'Cannot upload $extension='.$afruext.'$ Files. Permission denied.';
458	466	}
459	467

r999	r1143
229	229	*/
230	230
231		$IMConfig['allow_upload'] = ~~tru~~e;
	231	$IMConfig['allow_upload'] = false;
232	232
233	233	// -------------------------------------------------------------------------
…	…
248	248
249	249	$IMConfig['validate_images'] = true;
	250
	251	$IMConfig['allowed_image_extensions'] = array("jpg","gif","png","jpeg");
250	252
251	253	// -------------------------------------------------------------------------