Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bufix: Checking uploaded files' extensions looked for the tmp file name, not the actual file name. Fixes #152 as well - thanks @s4n-h4xor!

Browse Source
This commit is contained in:
azett 2022-10-01 13:33:34 +02:00
parent 225e3b1b8d
commit 92c0b2a517
2 changed files with 130 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -9,6 +9,7 @@
- jQuery plugin: Updated jQuery (3.5.1 => 3.6) and jQueryUI (1.12.1 => 1.13.1) - jQuery plugin: Updated jQuery (3.5.1 => 3.6) and jQueryUI (1.12.1 => 1.13.1)
- Media Manager plugin shows 50 items per page, not 10 - Media Manager plugin shows 50 items per page, not 10
- LastComments plugin will not even attempt to delete or rebuild LastComments caches if LastComments plugin is not available ([#43](https://github.com/flatpressblog/flatpress/issues/43)) - LastComments plugin will not even attempt to delete or rebuild LastComments caches if LastComments plugin is not available ([#43](https://github.com/flatpressblog/flatpress/issues/43))
- Comment Center config page threw errors ([#90](https://github.com/flatpressblog/flatpress/issues/90))
## Themes ## Themes
- Leggero - Leggero
@ -29,7 +30,6 @@
- Search page: Month names displayed in configured frontend language ([#132](https://github.com/flatpressblog/flatpress/issues/132)) - Search page: Month names displayed in configured frontend language ([#132](https://github.com/flatpressblog/flatpress/issues/132))
## Other bugfixes ## Other bugfixes
- Comment Center config page threw errors ([#90](https://github.com/flatpressblog/flatpress/issues/90))
- Plugin management page: Removed empty warning messages box - Plugin management page: Removed empty warning messages box
- Fixed error at prev link on first / next link on last entry ([#95](https://github.com/flatpressblog/flatpress/issues/95)) - Fixed error at prev link on first / next link on last entry ([#95](https://github.com/flatpressblog/flatpress/issues/95))
- Logout redirects to home page again ([#119](https://github.com/flatpressblog/flatpress/issues/119)) - Logout redirects to home page again ([#119](https://github.com/flatpressblog/flatpress/issues/119))

9
admin/panels/uploader/admin.uploader.php
View File

@ -102,7 +102,11 @@ class admin_uploader_default extends AdminPanelAction {
foreach ($_FILES ["upload"] ["error"] as $key => $error) { foreach ($_FILES ["upload"] ["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) { // Upload went wrong -> jump to the next file
if ($error != UPLOAD_ERR_OK) {
continue;
}
$tmp_name = $_FILES ["upload"] ["tmp_name"] [$key]; $tmp_name = $_FILES ["upload"] ["tmp_name"] [$key];
$name = $_FILES ["upload"] ["name"] [$key]; $name = $_FILES ["upload"] ["name"] [$key];
@ -115,7 +119,7 @@ class admin_uploader_default extends AdminPanelAction {
* 2019-11-24 - laborix * 2019-11-24 - laborix
*/ */
$uploadfilename = strtolower($tmp_name); $uploadfilename = strtolower($name);
$isForbidden = false; $isForbidden = false;
$deeptest = array(); $deeptest = array();
@ -229,7 +233,6 @@ class admin_uploader_default extends AdminPanelAction {
// one failure will make $success == false :) // one failure will make $success == false :)
$success &= $success; $success &= $success;
} }
}
if ($uploaded_files) { if ($uploaded_files) {
$this->smarty->assign('success', $success ? 1 : -1); $this->smarty->assign('success', $success ? 1 : -1);