Masato Kikuhara
en-sf****@users*****
2005年 6月 30日 (木) 18:55:49 JST
Index: affelio/apps/diary/Diary.pm
diff -u affelio/apps/diary/Diary.pm:1.16 affelio/apps/diary/Diary.pm:1.17
--- affelio/apps/diary/Diary.pm:1.16 Thu Jun 30 13:53:04 2005
+++ affelio/apps/diary/Diary.pm Thu Jun 30 18:55:48 2005
@@ -631,10 +631,10 @@
my $afap = $self->{afap};
- my $mimetype = $afap->{cgi}->uploadInfo($filename)->{'Content-Type'};
- unless ($mimetype =~ /image\/(bmp|gif|png|jpeg)/) {
- $self->errorExit('ファイルã®ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ï¼šä¸æ£ãªãƒ•ã‚¡ã‚¤ãƒ«ã‚¿ã‚¤ãƒ—ã§ã™');
- }
+# my $mimetype = $afap->{cgi}->uploadInfo($filename)->{'Content-Type'};
+# unless ($mimetype =~ /image\/(bmp|gif|png|jpeg)/) {
+# $self->errorExit('ファイルã®ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ï¼šä¸æ£ãªãƒ•ã‚¡ã‚¤ãƒ«ã‚¿ã‚¤ãƒ—ã§ã™');
+# }
my $file;
my $buf;
@@ -653,9 +653,13 @@
mkdir $basedir;
}
- fileparse_set_fstype('DOS');
+ fileparse_set_fstype('MSDOS');
my $distfile = $basedir.basename($filename);
+ unless (basename($filename) =~ /^[a-zA-Z0-9\.\-\_]{1,28}\.(jpg|png|gif|bmp)$/) {
+ $self->errorExit('ファイルã®ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ï¼šä¸æ£ãªãƒ•ã‚¡ã‚¤ãƒ«ã‚¿ã‚¤ãƒ—ã§ã™');
+ }
+
local (*OUT);
open(OUT, "> $distfile") or $self->errorExit('ファイルã®ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ï¼šãƒ•ã‚¡ã‚¤ãƒ«æ›¸ãè¾¼ã¿ã«å¤±æ•—ã—ã¾ã—ãŸ');
binmode OUT;