From cacf27474fea1fbe2a09aab292b8ccfc2bc91235 Mon Sep 17 00:00:00 2001 From: lkehresman Date: Mon, 14 Aug 2000 19:55:21 +0000 Subject: [PATCH] added security fix for uploading attachments from Martin Sarsale git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@711 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- src/compose.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/compose.php b/src/compose.php index 0f7904a4..d57e733b 100644 --- a/src/compose.php +++ b/src/compose.php @@ -152,8 +152,8 @@ echo "// -->\n\n"; } - //echo "\n
\n"; - echo "\n\n"; + echo "\n\n"; + //echo "\n\n"; if ($reply_id) { echo "\n"; } @@ -346,6 +346,10 @@ $localfilename = $localfilename; // Put the file in a better place + $tmp=explode('/',$attachfile); + $attachfile=$tmp[count($tmp)-1]; + $attachfile=ereg_replace('\.{2,}','',$attachfile); + error_reporting(0); // Rename will produce error output if it fails if (!rename($attachfile, $attachment_dir.$localfilename)) { if (!copy($attachfile, $attachment_dir.$localfilename)) { -- 2.25.1
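Review bot: The three added lines filter the path string in `$attachfile` but never establish that it names a file PHP actually received as an upload, so the `rename()`/`copy()` that follows still acts on whatever name survives the filter. After `$attachfile=$tmp[count($tmp)-1];` the source is a bare filename resolved against the script's working directory; if `$attachfile` normally holds the upload's temporary path (not visible in this hunk), legitimate uploads would no longer be found either. Splitting on `/` alone also leaves backslash separators untouched, and `basename()` is the usual call for taking the last path component. I would guard the move with `if (!is_uploaded_file($attachfile)) { /* reject */ }` and use `move_uploaded_file($attachfile, $attachment_dir.$localfilename)` in place of the rename/copy pair, where the PHP version in use provides them. The enclosing block starts and ends outside the hunk, so the rejection path has to follow whatever error handling the surrounding code uses.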