blackicedbear/FHC-Core
1
0
Fork 0
mirror of https://github.com/FH-Complete/FHC-Core.git synced 2026-06-15 19:19:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Upload Bugs

Browse Source
This commit is contained in:
oesi
2015-08-05 15:32:54 +02:00
parent f389559d69
commit a2b962d84e
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cis/private/lehre/upload.php
+9 -5
View File
@@ -623,7 +623,7 @@
}
else
{
if(!stristr($uploadfile, '.php') && !stristr($uploadfile, '.cgi') && !stristr($uploadfile, '.pl') && !stristr($uploadfile, '.phtml') && $file_name!='.htaccess')
if(!stristr($uploadfile, '.php') && !stristr($uploadfile, '.cgi') && !stristr($uploadfile, '.pl') && !stristr($uploadfile, '.phtml') && !stristr($file_name,'.htaccess'))
{
if(copy($_FILES[$file]['tmp_name'], $uploadfile))
{
@@ -646,7 +646,7 @@
}
else
{
if(!stristr($uploadfile, '.php') && !stristr($uploadfile, '.cgi') && !stristr($uploadfile, '.pl') && !stristr($uploadfile, '.phtml') && $file_name!='.htaccess')
if(!stristr($uploadfile, '.php') && !stristr($uploadfile, '.cgi') && !stristr($uploadfile, '.pl') && !stristr($uploadfile, '.phtml') && !stristr($file_name,'.htaccess'))
{
if(copy($_FILES[$file]['tmp_name'], $uploadfile))
{
@@ -679,7 +679,7 @@
}
else
{
if(!stristr($uploadfile, '.php') && !stristr($uploadfile, '.cgi') && !stristr($uploadfile, '.pl') && !stristr($uploadfile, '.phtml') && $file_name!='.htaccess')
if(!stristr($uploadfile, '.php') && !stristr($uploadfile, '.cgi') && !stristr($uploadfile, '.pl') && !stristr($uploadfile, '.phtml') && !stristr($file_name,'.htaccess'))
{
if(copy($_FILES[$file]['tmp_name'], $uploadfile))
{
@@ -702,7 +702,7 @@
}
else
{
if(!stristr($uploadfile, '.php') && !stristr($uploadfile, '.cgi') && !stristr($uploadfile, '.pl') && !stristr($uploadfile, '.phtml') && $file_name!='.htaccess')
if(!stristr($uploadfile, '.php') && !stristr($uploadfile, '.cgi') && !stristr($uploadfile, '.pl') && !stristr($uploadfile, '.phtml') && !stristr($file_name,'.htaccess'))
{
if(copy($_FILES[$file]['tmp_name'], $uploadfile))
{
@@ -1318,9 +1318,13 @@
$link_path = str_replace("+","%20",$link_path);
echo "</b></td><td align=\"left\" class='MarkLine'><b><font face=\"Arial,Helvetica,sans-serif\" color=\"#000000\" size=\"2\"><a href=\"$link_path\" target=\"_blank\">&nbsp;<img src=\"../../../skin/images/file.gif\" border=\"0\">&nbsp;".htmlentities($entry, ENT_QUOTES, 'UTF-8')."&nbsp;</a></font>";
$new_file_name_='';
if(isset($_POST['new_file_name'.$file_count]))
$new_file_name_ = $_POST['new_file_name'.$file_count];
if(stristr($new_file_name_,'..'))
die('Invalid Parameter detected');
if(isset($rename_file) && isset($check_state))
{
echo "</b></td><td align=\"middle\" class='MarkLine'><b><font face=\"Arial,Helvetica,sans-serif\" color=\"#000000\" size=\"2\"><input type=\"text\" name=\"new_file_name$file_count\" value=\"$entry\">&nbsp;<input type=\"submit\" name=\"confirm_rename\" value=\"OK\"></font>";
@@ -1331,7 +1335,7 @@
{
if(!@file_exists($dest_dir->path.'/'.$new_file_name_) && !@is_dir($dest_dir->path.'/'.$new_file_name_))
{
if(!stristr($new_file_name_, '.php') && !stristr($new_file_name_, '.cgi') && !stristr($new_file_name_, '.pl') && !stristr($new_file_name_, '.phtml') && $new_file_name_!='.htaccess')
if(!stristr($new_file_name_, '.php') && !stristr($new_file_name_, '.cgi') && !stristr($new_file_name_, '.pl') && !stristr($new_file_name_, '.phtml') && !stristr($new_file_name_,'.htaccess'))
{
rename($dest_dir->path.'/'.$entry, $dest_dir->path.'/'.$new_file_name_);