Nucleus CMS日本語版用プラグインのうち、日本語版開発者がサポートしているもの
Revision | 560eb4eac8cfcd01c6d4b69858398d2c5d21bebb (tree) |
---|---|
Time | 2008-12-26 07:02:00 |
Author | kmorimatsu <kmorimatsu@1ca2...> |
Commiter | kmorimatsu |
NP_Mediatocu v1.0.8.1 SP1 RC6
git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/plugin@766 1ca29b6e-896d-4ea0-84a5-967f57386b96
@@ -26,8 +26,8 @@ | ||
26 | 26 | * |
27 | 27 | */ |
28 | 28 | |
29 | -/* 1.0.8.1SP1RC4 2008-12-22-18:30(JP) cacher */ | |
30 | 29 | /* 1.0.8.1SP1RC5 katsumi */ |
30 | +/* 1.0.8.1SP1RC6 2008-12-25 cacher */ | |
31 | 31 | |
32 | 32 | if (!defined('_MEDIA_PHP_DEFINED')) { |
33 | 33 | define('_MEDIA_PHP_DEFINED', 1); |
@@ -322,7 +322,7 @@ if (postVar('targetthumb')) { | ||
322 | 322 | T.Kosugi edit End |
323 | 323 | */ |
324 | 324 | // $msg1 = rename($mediapath . $_POST[targetfile], $mediapath . htmlspecialchars($_POST[newname]) ); |
325 | - $msg1 = media_rename($mediapath, postVar('targetfile'), htmlspecialchars(postVar('newname')) ); | |
325 | + $msg1 = media_rename($mediapath, postVar('targetfile'), htmlspecialchars($newfilename) ); | |
326 | 326 | if (!$msg1) { |
327 | 327 | print htmlspecialchars(postVar('targetfile') . _MEDIA_PHP_10); |
328 | 328 | } |
@@ -332,7 +332,7 @@ if (postVar('targetthumb')) { | ||
332 | 332 | //print "targetthumb=$mediapath$_POST[targetthumb]<BR />"; |
333 | 333 | if ($exist) { |
334 | 334 | // $thumbnewname = $Prefix_thumb . $_POST[newname]; |
335 | - $thumbnewname = $Prefix_thumb . postVar('newname'); | |
335 | + $thumbnewname = $Prefix_thumb . $newfilename; | |
336 | 336 | // $msg2 = rename($mediapath . $_POST[targetthumb], $mediapath . $thumbnewname); |
337 | 337 | $msg2 = media_rename($mediapath, postVar('targetthumb'), $thumbnewname); |
338 | 338 | if (!$msg2) { |
@@ -801,7 +801,7 @@ function media_choose() | ||
801 | 801 | </select> |
802 | 802 | <?php } else { |
803 | 803 | ?> |
804 | - <input name="collection" type="hidden" value="<?php echo htmlspecialchars($currentCollection)?>" /> | |
804 | + <input name="collection" type="hidden" value="<?php echo htmlspecialchars($currentCollection); ?>" /> | |
805 | 805 | <?php } // if sizeof |
806 | 806 | ?> |
807 | 807 | <br /><br /> |
@@ -887,6 +887,9 @@ function media_upload() | ||
887 | 887 | $filename = strftime("%Y%m%d-", time()) . $filename; |
888 | 888 | } |
889 | 889 | |
890 | + // Filename should not contain '/' or '\'. | |
891 | + if (preg_match('#(/|\\\\)#',$filename)) media_doError(_ERROR_DISALLOWED); | |
892 | + | |
890 | 893 | $collection = media_requestVar('collection'); |
891 | 894 | $res = MEDIA::addMediaObject($collection, $filetempname, $filename); |
892 | 895 |
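Review bot: The separator check added in media_upload() covers only `$filename`; in the same hunk `$collection` from `media_requestVar('collection')` goes to `MEDIA::addMediaObject()` with no equivalent check visible, and in the two rename hunks `postVar('targetfile')` and `postVar('targetthumb')` reach `media_rename()` the same way. Unless those callees validate their arguments (not visible here), the same test belongs on every request-derived path component, preferably through one shared helper. The pattern also lets a NUL byte or a leading dot through, so consider `if (preg_match('#[/\\\\\x00]#', $filename) || strpos($filename, '.') === 0) media_doError(_ERROR_DISALLOWED);`, and confirm that media_doError() ends the request rather than returning to the upload path. Separately, the rename hunk names the file `htmlspecialchars($newfilename)` but the thumbnail `$Prefix_thumb . $newfilename`, so a name containing `&` leaves the two out of step; htmlspecialchars() is output escaping and is better dropped from the `media_rename()` call. The enclosing blocks and the definition of `$newfilename` lie outside the hunks shown.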