- fixed some bugs

- changed attachment handling a bit - tried to remove target tags out of the code - do not add session ids to urls for bots as well as not creating a new session on each page view for them I bet i introduced some bugs too. ;) git-svn-id: file:///svn/phpbb/trunk@6364 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-07-31 22:10:45 +02:00 · 2006-09-13 16:08:36 +00:00
parent 35c5fe21cb
commit b76222cb6e
104 changed files with 949 additions and 533 deletions
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -221,6 +221,8 @@ class filespec
 			return false;
 		}

+
+/*
 		// Adjust destination path (no trailing slash)
 		if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\')
 		{
@@ -232,13 +234,29 @@ class filespec
 		{
 			$destination = '';
 		}
+*/

+		// We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
 		$this->destination_path = $phpbb_root_path . $destination;

+		// Check if the destination path exist...
+		if (!file_exists($this->destination_path))
+		{
+			@unlink($this->filename);
+			return false;
+		}
+
 		$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';
 		$upload_mode = ($this->local) ? 'local' : $upload_mode;
 		$this->destination_file = $this->destination_path . '/' . basename($this->realname);

+		// Check if the file already exist, else there is something wrong...
+		if (file_exists($this->destination_file))
+		{
+			@unlink($this->filename);
+			return false;
+		}
+
 		switch ($upload_mode)
 		{
 			case 'copy':