[pLog-svn] r6949 - in plog/branches/lifetype-1.2/class: data/validator template

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Wed Jan 6 15:50:57 EST 2010 

Author: jondaley
Date: 2010-01-06 15:50:57 -0500 (Wed, 06 Jan 2010)
New Revision: 6949

Modified:
   plog/branches/lifetype-1.2/class/data/validator/uploadvalidator.class.php
   plog/branches/lifetype-1.2/class/template/templatesandbox.class.php
Log:
mod_mime has a bug in it (in my opinion) that causes it to treat all of the following as executable php scripts: test.php, test.php., test.php.text.  We'll need to release a version with this fix.

Modified: plog/branches/lifetype-1.2/class/data/validator/uploadvalidator.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/data/validator/uploadvalidator.class.php	2010-01-06 19:47:32 UTC (rev 6948)
+++ plog/branches/lifetype-1.2/class/data/validator/uploadvalidator.class.php	2010-01-06 20:50:57 UTC (rev 6949)
@@ -84,6 +84,9 @@
             	if( Glob::fnmatch( $file, $fileName )) {
                 	return UPLOAD_VALIDATOR_ERROR_FORBIDDEN_EXTENSION;
                 }
+            	if( Glob::fnmatch( $file.".*", $fileName )) {
+                	return UPLOAD_VALIDATOR_ERROR_FORBIDDEN_EXTENSION;
+                }
             }
 
         	return true;			

Modified: plog/branches/lifetype-1.2/class/template/templatesandbox.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/templatesandbox.class.php	2010-01-06 19:47:32 UTC (rev 6948)
+++ plog/branches/lifetype-1.2/class/template/templatesandbox.class.php	2010-01-06 20:50:57 UTC (rev 6949)
@@ -42,7 +42,7 @@
             $forbiddenFilesStr = $config->getValue( 'upload_forbidden_files' );
 
             // return true if there's nothing to do
-            if( empty($forbiddenFilesStr) || !$forbiddenFilesStr )
+            if( empty($forbiddenFilesStr) )
             	return true;
 
             // otherwise, turn the thing into an array and go through all of them
@@ -51,6 +51,9 @@
                 $files = Glob::myGlob( $folder, $file );
                 if( count($files) > 0 )
                 	return false;
+                $files = Glob::myGlob( $folder, $file.".*" );
+                if( count($files) > 0 )
+                	return false;
             }
 
             return true;

More information about the pLog-svn mailing list