Project

General

Profile

« Previous | Next » 

Revision 1468

Added by Dietmar over 13 years ago

update jquery-min to version 1.6.2
update jquery-ui-min to version 1.8.14
fix index error in media upload (Tks to DBS)
add missing nopreview.jpg
update media browser not to show forbidden files
remove unused jquery archiv folder

View differences:

upload.php
72 72 
$forbidden_file_types = 'phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types;
73 73 
// Loop through the files
74 74 
$good_uploads = 0;
75 
$sum_dirs = 0;
76 
$sum_files = 0;
77 

  		




  75
  78
  
    
for($count = 1; $count <= 10; $count++) {


  		




  76
  79
  
    
	// If file was upload to tmp


  		




  77
  80
  
    
	if(isset($_FILES["file$count"]['name'])) {


  		




  ......




  83
  86
  
    
		$ext = isset($info['extension']) ? $info['extension'] : '';


  		




  84
  87
  
    

  		




  85
  88
  
    
		if ( ($filename != '') && !preg_match("/\." . $forbidden_file_types . "$/i", $ext) ) {


  		




  86
  
  
    
/*


  		




  87
  
  
    
		// Check for potentially malicious files and append 'txt' to their name


  		




  88
  
  
    
			foreach($file_extensions as $file_ext) {


  		




  89
  
  
    
				$file_ext_len=strlen($file_ext);


  		




  90
  
  
    
				if (substr($filename,-$file_ext_len)==$file_ext) {


  		




  91
  
  
    
					$filename.='.txt';


  		




  92
  
  
    
				}


  		




  93
  
  
    
			}


  		




  94
  
  
    
*/


  		




  95
  89
  
    
			// Move to relative path (in media folder)


  		




  96
  90
  
    
			if(file_exists($relative.$filename) AND $overwrite == true) {


  		




  97
  91
  
    
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {


  		




  98
  92
  
    
					$good_uploads++;


  		




  
  93
  
    
					$sum_files++;


  		




  99
  94
  
    
					// Chmod the uploaded file


  		




  100
  95
  
    
					change_mode($relative.$filename);


  		




  101
  96
  
    
				}


  		




  102
  97
  
    
			} elseif(!file_exists($relative.$filename)) {


  		




  103
  98
  
    
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {


  		




  104
  99
  
    
					$good_uploads++;


  		




  
  100
  
    
					$sum_files++;


  		




  105
  101
  
    
					// Chmod the uploaded file


  		




  106
  102
  
    
					change_mode($relative.$filename);


  		




  107
  103
  
    
				}


  		




  ......




  132
  128
  
    
	// hardcodet forbidden filetypes


  		




  133
  129
  
    
	$forbidden_file_types = 'phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types;


  		




  134
  130
  
    
	$info = pathinfo($p_header['filename']);


  		




  135
  
  
    
                         $ext = isset($info['extension']) ? $info['extension'] : '';


  		




  136
  
  
    
                         $dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.');


  		




  
  131
  
    
	$ext = isset($info['extension']) ? $info['extension'] : '';


  		




  
  132
  
    
	$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.');


  		




  137
  133
  
    
	if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) && $dots != '.' )


  		




  138
  134
  
    
	{	// ----- allowed file types are extracted


  		




  139
  135
  
    
	  return 1;


  		




  ......




  154
  150
  
    
		// error while trying to extract the archive (most likely wrong format)


  		




  155
  151
  
    
		$admin->print_error('UNABLE TO UNZIP FILE' . $archive -> errorInfo(true));


  		




  156
  152
  
    
	}


  		




  157
  
  
    

  		




  158
  
  
    
	$sum_dirs = 0;


  		




  159
  153
  
    
	$sum_files = 0;


  		




  160
  
  
    

  		




  161
  154
  
    
	// rename executable files!


  		




  162
  155
  
    
	foreach ($list as $key => $val) {


  		




  163
  156
  
    
	    if( ($val['folder'] ) && change_mode($val['filename']) ) {


  		




  ......




  169
  162
  
    
	if (isset($_POST['delzip'])) { unlink($filename1); }


  		




  170
  163
  
    
}


  		




  171
  164
  
    
unset($list);


  		




  172
  
  
    
if($good_uploads == 1) {


  		




  
  165
  
    
if($sum_files == 1) {


  		




  173
  166
  
    
	$admin->print_success($sum_files.' '.$MESSAGE['MEDIA']['SINGLE_UPLOADED'] );


  		




  174
  167
  
    
} else {


  		




  175
  
  
    
	$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['UPLOADED'] );


  		




  
  168
  
    
	$admin->print_success($sum_files.' '.$MESSAGE['MEDIA']['UPLOADED'] );


  		




  176
  169
  
    
}


  		




  177
  170
  
    

  		




  178
  
  
    
// Print admin 


  		




  
  171
  
    
// Print admin


  		




  179
  172
  
    
$admin->print_footer();


  		












Also available in:  Unified diff