diff -r 3dbe848431b0 -r 9237767a23ae plugins/SpecialUpdownload.php --- a/plugins/SpecialUpdownload.php Fri Oct 19 21:39:33 2007 -0400 +++ b/plugins/SpecialUpdownload.php Sat Oct 20 11:11:40 2007 -0400 @@ -4,13 +4,13 @@ Plugin URI: http://enanocms.org/ Description: Provides the pages Special:UploadFile and Special:DownloadFile. UploadFile is used to upload files to the site, and DownloadFile fetches the file from the database, creates thumbnails if necessary, and sends the file to the user. Author: Dan Fuhry -Version: 1.0.1 +Version: 1.0.2 Author URI: http://enanocms.org/ */ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.0 release candidate 2 + * Version 1.0.2 * Copyright (C) 2006-2007 Dan Fuhry * SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second * @@ -59,8 +59,14 @@ { $file = false; } - if(!is_array($file)) die_friendly('Upload failed', '

The server could not retrieve the array $_FILES[\'data\'].

'); - if($file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size')) die_friendly('Upload failed', '

The file you uploaded is either too large or 0 bytes in length.

'); + if ( !is_array($file) ) + { + die_friendly('Upload failed', '

The server could not retrieve the array $_FILES[\'data\'].

'); + } + if ( $file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size') ) + { + die_friendly('Upload failed', '

The file you uploaded is either too large or 0 bytes in length.

'); + } /* $allowed_mime_types = Array( 'text/plain', @@ -88,7 +94,7 @@ */ $types = fetch_allowed_extensions(); $ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name'])); - if(!isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) ) + if ( !isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) ) { die_friendly('Upload failed', '
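Review bot: The two new guards on `$file` test only `is_array()` and `size`; `$file['error']` is never checked, so an upload that PHP itself flagged (for example `UPLOAD_ERR_PARTIAL`, which can still report a non-zero `size`) falls through to the extension check as if it were complete. The error message names `$_FILES['data']`, so `$file` presumably carries the standard `error` key; I would add `if ( $file['error'] !== UPLOAD_ERR_OK ) { die_friendly('Upload failed', 'PHP reported upload error code ' . (int)$file['error'] . '.'); }` ahead of the size test, and tighten the size test itself to `$file['size'] === 0` since `==` against `0` also matches other falsy values. The enclosing upload handler starts before this hunk, so I cannot see whether `is_uploaded_file()`/`move_uploaded_file()` is applied to `tmp_name` further down; that check belongs here too if it is absent.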

The file type ".'.$ext.'" is not allowed.

'); }