From d069762615f75f27fd07c22d3d97b2945483b7be Mon Sep 17 00:00:00 2001
From: z0rglub
Date: Sat, 24 Jan 2004 19:01:41 +0000
Subject: - Php warning correction - bug 0000002 correction : forbidden characters on file are now checked

git-svn-id: http://piwigo.org/svn/branches/release-1_3@315 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 upload.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'upload.php')

diff --git a/upload.php b/upload.php
index 6dc69631f..a67c84902 100644
--- a/upload.php
+++ b/upload.php
@@ -167,7 +167,8 @@ if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
 {
 array_push( $error, $lang['upload_err_username'] );
 }
-
+
+ $date_creation = '';
 if ( $_POST['date_creation'] != '' )
 {
 list( $day,$month,$year ) = explode( '/', $_POST['date_creation'] );
@@ -192,6 +193,14 @@ if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
 $xml_infos.= ' date_creation="'.$date_creation.'"';
 $xml_infos.= ' name="'.htmlspecialchars( $_POST['name'], ENT_QUOTES).'"';
 $xml_infos.= ' />';
+
+ if ( !preg_match( '/^[a-zA-Z0-9-_.]+$/', $_FILES['picture']['name'] ) )
+ {
+ // reload language file with administration labels
+ $isadmin = true;
+ include( './language/'.$user['language'].'.php' );
+ array_push( $error, $lang['update_wrong_dirname'] );
+ }
 
 if ( sizeof( $error ) == 0 )
 {
-- 
cgit v1.2.3
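Review bot: The filename check added in the second hunk is looser than a "forbidden characters" test should be: `$` also matches before a trailing newline, and the character class accepts a leading dot and any extension, so a client-supplied `$_FILES['picture']['name']` made only of dots or ending in `.php` passes it. Anchoring with `\z` and requiring a non-dot first character closes the first two gaps, e.g. `if ( !preg_match( '/^[a-zA-Z0-9_-][a-zA-Z0-9_.-]*\z/', $_FILES['picture']['name'] ) )`; whether the extension is restricted elsewhere is not visible in this hunk. The error branch also sets `$isadmin = true;` only to load an admin label and never resets it, so any upload with a rejected name leaves that flag set for the rest of the request; if later code reads `$isadmin` for anything beyond label selection, the previous value should be saved before the include and restored after it. The include path is built from `$user['language']`, which should be checked against the list of installed language files before it reaches `include` if that value can be influenced by the account holder. The enclosing `if ( isset( $_POST['submit'] ) ... )` block starts and ends outside the hunk.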