added security fix for uploading attachments from Martin Sarsale

author lkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Mon, 14 Aug 2000 19:55:21 +0000 (19:55 +0000)

committer lkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Mon, 14 Aug 2000 19:55:21 +0000 (19:55 +0000)
author lkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 14 Aug 2000 19:55:21 +0000 (19:55 +0000)
committer lkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 14 Aug 2000 19:55:21 +0000 (19:55 +0000)
diff --git a/src/compose.php b/src/compose.php

index 0f7904a48ecccd1f9879dcb363b32d1d964a46c7..d57e733b73cc2a5f35e77661cae82040302aa9e9 100644 (file)
--- a/src/compose.php
+++ b/src/compose.php
@@ -152,8 +152,8 @@
           echo "// --></SCRIPT>\n\n";
        }
  
-      //echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
-      echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST>\n";
+      echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
+      //echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST>\n";
        if ($reply_id) {
           echo "<input type=hidden name=reply_id value=$reply_id>\n";
        }                 
@@ -346,6 +346,10 @@
        $localfilename = $localfilename;
        
        // Put the file in a better place
+      $tmp=explode('/',$attachfile);
+      $attachfile=$tmp[count($tmp)-1];
+      $attachfile=ereg_replace('\.{2,}','',$attachfile);
+
        error_reporting(0); // Rename will produce error output if it fails
        if (!rename($attachfile, $attachment_dir.$localfilename)) {
           if (!copy($attachfile, $attachment_dir.$localfilename)) {
author	lkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Mon, 14 Aug 2000 19:55:21 +0000 (19:55 +0000)
committer	lkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Mon, 14 Aug 2000 19:55:21 +0000 (19:55 +0000)