Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bufix: Checking uploaded files' extensions looked for the tmp file name, not the actual file name. Fixes #152 as well - thanks @s4n-h4xor!

Browse Source
This commit is contained in:
azett 2022-10-01 13:33:34 +02:00
parent 225e3b1b8d
commit 92c0b2a517
2 changed files with 130 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -9,6 +9,7 @@
- jQuery plugin: Updated jQuery (3.5.1 => 3.6) and jQueryUI (1.12.1 => 1.13.1)
- Media Manager plugin shows 50 items per page, not 10
- LastComments plugin will not even attempt to delete or rebuild LastComments caches if LastComments plugin is not available ([#43](https://github.com/flatpressblog/flatpress/issues/43))
- Comment Center config page threw errors ([#90](https://github.com/flatpressblog/flatpress/issues/90))
## Themes
- Leggero
@ -29,7 +30,6 @@
- Search page: Month names displayed in configured frontend language ([#132](https://github.com/flatpressblog/flatpress/issues/132))
## Other bugfixes
- Comment Center config page threw errors ([#90](https://github.com/flatpressblog/flatpress/issues/90))
- Plugin management page: Removed empty warning messages box
- Fixed error at prev link on first / next link on last entry ([#95](https://github.com/flatpressblog/flatpress/issues/95))
- Logout redirects to home page again ([#119](https://github.com/flatpressblog/flatpress/issues/119))

9
admin/panels/uploader/admin.uploader.php
View File

@ -102,7 +102,11 @@ class admin_uploader_default extends AdminPanelAction {
foreach ($_FILES ["upload"] ["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
// Upload went wrong -> jump to the next file
if ($error != UPLOAD_ERR_OK) {
continue;
}
$tmp_name = $_FILES ["upload"] ["tmp_name"] [$key];
$name = $_FILES ["upload"] ["name"] [$key];
@ -115,7 +119,7 @@ class admin_uploader_default extends AdminPanelAction {
* 2019-11-24 - laborix
*/
$uploadfilename = strtolower($tmp_name);
$uploadfilename = strtolower($name);
$isForbidden = false;
$deeptest = array();
@ -229,7 +233,6 @@ class admin_uploader_default extends AdminPanelAction {
// one failure will make $success == false :)
$success &= $success;
}
}
if ($uploaded_files) {
$this->smarty->assign('success', $success ? 1 : -1);