Security: Clean up user inputs before using.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
emc3 2004-10-02 00:46:30 +00:00
parent d5c9465fa9
commit 8fca0cb926
2 changed files with 16 additions and 8 deletions


@ -80,15 +80,15 @@ case 'upload':
<?php //Makes sure they choose a file <?php //Makes sure they choose a file
//print_r($HTTP_POST_FILES); //print_r($_FILES);
//die(); //die();
$imgalt = (isset($_POST['imgalt'])) ? $_POST['imgalt'] : $imgalt; $imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );
$img1_name = (strlen($imgalt)) ? $_POST['imgalt'] : $HTTP_POST_FILES['img1']['name']; $img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
$img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $HTTP_POST_FILES['img1']['type']; $img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
$imgdesc = str_replace('"', '&amp;quot;', $_POST['imgdesc']); $imgdesc = htmlentities2($imgdesc);
$imgtype = explode(".",$img1_name); $imgtype = explode(".",$img1_name);
$imgtype = strtolower($imgtype[count($imgtype)-1]); $imgtype = strtolower($imgtype[count($imgtype)-1]);
@ -99,10 +99,10 @@ case 'upload':
if (strlen($imgalt)) { if (strlen($imgalt)) {
$pathtofile = get_settings('fileupload_realpath')."/".$imgalt; $pathtofile = get_settings('fileupload_realpath')."/".$imgalt;
$img1 = $_POST['img1']; $img1 = $_POST['img1']['tmp_name'];
} else { } else {
$pathtofile = get_settings('fileupload_realpath')."/".$img1_name; $pathtofile = get_settings('fileupload_realpath')."/".$img1_name;
$img1 = $HTTP_POST_FILES['img1']['tmp_name']; $img1 = $_FILES['img1']['tmp_name'];
} }
// makes sure not to upload duplicates, rename duplicates // makes sure not to upload duplicates, rename duplicates
@ -191,7 +191,7 @@ die();
$max_side = 400; $max_side = 400;
} }
elseif($_POST['thumbsize'] == 'custom') { elseif($_POST['thumbsize'] == 'custom') {
$max_side = $_POST['imgthumbsizecustom']; $max_side = intval($_POST['imgthumbsizecustom']);
} }
$result = wp_create_thumbnail($pathtofile, $max_side, NULL); $result = wp_create_thumbnail($pathtofile, $max_side, NULL);
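Review bot: In the first hunk the replacement line `$imgdesc = htmlentities2($imgdesc);` reads the variable `$imgdesc` where the removed line read `$_POST['imgdesc']`, and nothing in the hunk assigns `$imgdesc` before that point; unless it is populated from the request earlier in this file (outside the hunk) the description is now empty, and if it arrives through register_globals it is the raw request value until this line, so `$imgdesc = htmlentities2($_POST['imgdesc']);` is the safer form or the earlier assignment should be confirmed. In the same hunk `$img1_type` is still taken verbatim from `$_POST['img1_type']` on the alternate-file branch, so any later check on the type (outside the hunk) is the only thing between a client-chosen string and its use; restricting it here to the image MIME types the uploader accepts would close that. In the second hunk `$img1 = $_POST['img1']['tmp_name'];` applies a string key to a POST field, which a form submits as a string, so it evaluates to a string offset (the first byte, or an illegal-offset warning on later PHP) rather than a path; either the previous `$_POST['img1']` was intended or it should mirror the else branch's `$_FILES['img1']['tmp_name']`. The enclosing `case 'upload':` block starts and ends outside these hunks.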


@ -1716,4 +1716,12 @@ function get_template_directory() {
return $template; return $template;
} }
// Borrowed from the PHP Manual user notes. Convert entities, while
// preserving already-encoded entities:
function htmlentities2($myHTML) {
$translation_table=get_html_translation_table (HTML_ENTITIES,ENT_QUOTES);
$translation_table[chr(38)] = '&';
return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&amp;" , strtr($myHTML, $translation_table));
}
?> ?>
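Review bot: The look-ahead in `htmlentities2` only treats `&#` followed by two or three decimal digits as an existing entity, so common numeric references such as `&#8217;` (four digits) or any hex form such as `&#x2019;` are not recognised and are rewritten to `&amp;#8217;`, which then renders literally; widening the numeric branch to `#[0-9]{1,5};|#x[0-9A-Fa-f]{1,5};` keeps those intact. Separately, `get_html_translation_table(HTML_ENTITIES, ENT_QUOTES)` with no charset argument returns the ISO-8859-1 table on the PHP versions of this era, so `strtr` over UTF-8 input maps every high byte to a Latin-1 entity and corrupts multibyte text; if the blog charset can be UTF-8 and the goal is only safe HTML output, `HTML_SPECIALCHARS` (which touches just `<`, `>`, `&` and the quotes) is the safer table and still gives the escaping the caller needs. The function also has no header comment; one such as `// Encode HTML special characters/entities in $myHTML, but leave anything that already looks like an entity (&name; or &#nnn;) alone so existing markup is not double-encoded.` would explain why `$translation_table[chr(38)] = '&'` deliberately undoes the table's own `&` mapping before the preg_replace re-adds it.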