added security fix for uploading attachments from Martin Sarsale
authorlkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 14 Aug 2000 19:55:21 +0000 (19:55 +0000)
committerlkehresman <lkehresman@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 14 Aug 2000 19:55:21 +0000 (19:55 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@711 7612ce4b-ef26-0410-bec9-ea0150e637f0

src/compose.php

index 0f7904a..d57e733 100644 (file)
          echo "// --></SCRIPT>\n\n";
       }
 
-      //echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
-      echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST>\n";
+      echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST ENCTYPE=\"multipart/form-data\">\n";
+      //echo "\n<FORM name=compose action=\"compose.php\" METHOD=POST>\n";
       if ($reply_id) {
          echo "<input type=hidden name=reply_id value=$reply_id>\n";
       }                 
       $localfilename = $localfilename;
       
       // Put the file in a better place
+      $tmp=explode('/',$attachfile);
+      $attachfile=$tmp[count($tmp)-1];
+      $attachfile=ereg_replace('\.{2,}','',$attachfile);
+
       error_reporting(0); // Rename will produce error output if it fails
       if (!rename($attachfile, $attachment_dir.$localfilename)) {
          if (!copy($attachfile, $attachment_dir.$localfilename)) {