diff options
author | z0rglub <z0rglub@piwigo.org> | 2004-01-24 19:01:41 +0000 |
---|---|---|
committer | z0rglub <z0rglub@piwigo.org> | 2004-01-24 19:01:41 +0000 |
commit | d069762615f75f27fd07c22d3d97b2945483b7be (patch) | |
tree | 6d3361bbf3e7295b5381eaf1a7faa42b49a9ee41 | |
parent | eedb9e3d6231f7e7b81baf1cc8d1e85eea4600db (diff) |
- Php warning correction
- bug 0000002 correction : forbidden characters on file are now checked
git-svn-id: http://piwigo.org/svn/branches/release-1_3@315 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | upload.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/upload.php b/upload.php index 6dc69631f..a67c84902 100644 --- a/upload.php +++ b/upload.php @@ -167,7 +167,8 @@ if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) ) { array_push( $error, $lang['upload_err_username'] ); } - + + $date_creation = ''; if ( $_POST['date_creation'] != '' ) { list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] ); @@ -192,6 +193,14 @@ if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) ) $xml_infos.= ' date_creation="'.$date_creation.'"'; $xml_infos.= ' name="'.htmlspecialchars( $_POST['name'], ENT_QUOTES).'"'; $xml_infos.= ' />'; + + if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) ) + { + // reload language file with administration labels + $isadmin = true; + include( './language/'.$user['language'].'.php' ); + array_push( $error, $lang['update_wrong_dirname'] ); + } if ( sizeof( $error ) == 0 ) { |