Revision 61
Added by stefan about 20 years ago
| upload.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 |
// $Id: upload.php,v 1.11 2005/04/25 11:53:12 rdjurovich Exp $
|
|
| 3 |
// $Id$ |
|
| 4 | 4 |
|
| 5 | 5 |
/* |
| 6 | 6 |
|
| ... | ... | |
| 53 | 53 |
$overwrite = false; |
| 54 | 54 |
} |
| 55 | 55 |
|
| 56 |
// Get list of file types to which we're supposed to append 'txt' |
|
| 57 |
$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
|
|
| 58 |
$file_extension_string=''; |
|
| 59 |
if ($get_result->numRows()>0) {
|
|
| 60 |
$fetch_result=$get_result->fetchRow(); |
|
| 61 |
$file_extension_string=$fetch_result['value']; |
|
| 62 |
} |
|
| 63 |
$file_extensions=explode(",",$file_extension_string);
|
|
| 64 |
|
|
| 65 |
|
|
| 56 | 66 |
// Loop through the files |
| 57 | 67 |
$good_uploads = 0; |
| 58 | 68 |
for($count = 1; $count <= 10; $count++) {
|
| ... | ... | |
| 62 | 72 |
$filename = media_filename($_FILES["file$count"]['name']); |
| 63 | 73 |
// Check if there is still a filename left |
| 64 | 74 |
if($filename != '') {
|
| 75 |
// Check for potentially malicious files and append 'txt' to their name |
|
| 76 |
foreach($file_extensions as $file_ext) {
|
|
| 77 |
$file_ext_len=strlen($file_ext); |
|
| 78 |
if (substr($filename,-$file_ext_len)==$file_ext) {
|
|
| 79 |
$filename.='.txt'; |
|
| 80 |
} |
|
| 81 |
} |
|
| 65 | 82 |
// Move to relative path (in media folder) |
| 66 | 83 |
if(file_exists($relative.$filename) AND $overwrite == true) {
|
| 67 | 84 |
if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
|
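Review bot: The extension check in the added `foreach` (new lines 76–81) compares case-sensitively and against the raw pieces of the `rename_files_on_upload` setting, so a differently-cased extension, or a list stored with spaces after the commas, leaves the upload without the `.txt` suffix. Normalise both sides and compare strictly, e.g. `$file_ext = strtolower(trim($file_ext));` followed by `if ($file_ext !== '' && substr(strtolower($filename), -strlen($file_ext)) === $file_ext) { $filename .= '.txt'; break; }`. The test also looks only at the trailing characters of the name, so an earlier extension in a multi-part name is never considered; whether that matters depends on how the web server maps extensions to handlers, which is not visible here. The enclosing `for` loop and `if($filename != '')` block continue outside the lines shown.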