| Revision | 560eb4eac8cfcd01c6d4b69858398d2c5d21bebb (tree) |
|---|---|
| Time | 2008-12-26 07:02:00 |
| Author | kmorimatsu <kmorimatsu@1ca2...> |
| Commiter | kmorimatsu |
NP_Mediatocu v1.0.8.1 SP1 RC6
git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/plugin@766 1ca29b6e-896d-4ea0-84a5-967f57386b96
trunk/NP_Mediatocu/mediatocu/media.php (diff)| @@ -26,8 +26,8 @@ | ||
| 26 | 26 | * |
| 27 | 27 | */ |
| 28 | 28 | |
| 29 | -/* 1.0.8.1SP1RC4 2008-12-22-18:30(JP) cacher */ | |
| 30 | 29 | /* 1.0.8.1SP1RC5 katsumi */ |
| 30 | +/* 1.0.8.1SP1RC6 2008-12-25 cacher */ | |
| 31 | 31 | |
| 32 | 32 | if (!defined('_MEDIA_PHP_DEFINED')) { |
| 33 | 33 | define('_MEDIA_PHP_DEFINED', 1); |
| @@ -322,7 +322,7 @@ if (postVar('targetthumb')) { | ||
| 322 | 322 | T.Kosugi edit End |
| 323 | 323 | */ |
| 324 | 324 | // $msg1 = rename($mediapath . $_POST[targetfile], $mediapath . htmlspecialchars($_POST[newname]) ); |
| 325 | - $msg1 = media_rename($mediapath, postVar('targetfile'), htmlspecialchars(postVar('newname')) ); | |
| 325 | + $msg1 = media_rename($mediapath, postVar('targetfile'), htmlspecialchars($newfilename) ); | |
| 326 | 326 | if (!$msg1) { |
| 327 | 327 | print htmlspecialchars(postVar('targetfile') . _MEDIA_PHP_10); |
| 328 | 328 | } |
| @@ -332,7 +332,7 @@ if (postVar('targetthumb')) { | ||
| 332 | 332 | //print "targetthumb=$mediapath$_POST[targetthumb]<BR />"; |
| 333 | 333 | if ($exist) { |
| 334 | 334 | // $thumbnewname = $Prefix_thumb . $_POST[newname]; |
| 335 | - $thumbnewname = $Prefix_thumb . postVar('newname'); | |
| 335 | + $thumbnewname = $Prefix_thumb . $newfilename; | |
| 336 | 336 | // $msg2 = rename($mediapath . $_POST[targetthumb], $mediapath . $thumbnewname); |
| 337 | 337 | $msg2 = media_rename($mediapath, postVar('targetthumb'), $thumbnewname); |
| 338 | 338 | if (!$msg2) { |
| @@ -801,7 +801,7 @@ function media_choose() | ||
| 801 | 801 | </select> |
| 802 | 802 | <?php } else { |
| 803 | 803 | ?> |
| 804 | - <input name="collection" type="hidden" value="<?php echo htmlspecialchars($currentCollection)?>" /> | |
| 804 | + <input name="collection" type="hidden" value="<?php echo htmlspecialchars($currentCollection); ?>" /> | |
| 805 | 805 | <?php } // if sizeof |
| 806 | 806 | ?> |
| 807 | 807 | <br /><br /> |
| @@ -887,6 +887,9 @@ function media_upload() | ||
| 887 | 887 | $filename = strftime("%Y%m%d-", time()) . $filename; |
| 888 | 888 | } |
| 889 | 889 | |
| 890 | + // Filename should not contain '/' or '\'. | |
| 891 | + if (preg_match('#(/|\\\\)#',$filename)) media_doError(_ERROR_DISALLOWED); | |
| 892 | + | |
| 890 | 893 | $collection = media_requestVar('collection'); |
| 891 | 894 | $res = MEDIA::addMediaObject($collection, $filetempname, $filename); |
| 892 | 895 |
Fork