Fixed filename not being sent through sanitize_page_id() during upload. Non-security.
authorDan
Sat, 08 Nov 2008 22:33:26 -0500
changeset 721 bfde4d7402b1
parent 720 e2762777b170
child 722 4ea698929756
Fixed filename not being sent through sanitize_page_id() during upload. Non-security.
plugins/SpecialUpdownload.php
--- a/plugins/SpecialUpdownload.php	Sat Nov 08 22:32:43 2008 -0500
+++ b/plugins/SpecialUpdownload.php	Sat Nov 08 22:33:26 2008 -0500
@@ -118,7 +118,7 @@
     
     $utime = time();
            
-    $filename = $db->escape($filename);
+    $filename = $db->escape(sanitize_page_id($filename));
     $ext = substr($filename, strrpos($filename, '.'), strlen($filename));
     $flen = filesize($file['tmp_name']);
     
@@ -219,7 +219,8 @@
   {
     $tid = '';
   }
-  $filename = $db->escape($filename);
+  $filename = $db->escape(sanitize_page_id($filename));
+  
   $q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;');
   if ( !$q )
   {