file upload fix

diff --git a/doc/TODO b/doc/TODO
index b8a60ebed6d7ed76257987b9669d878366a2939b..4cfbaaeaae37448672890e58d89586d383c1dd51 100644 (file)
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,8 +1,5 @@
 - User mail is not working
 
-- Userinfo is not working
- ()
-
 - Uploading of datafiles is not working
 
 - Registration process is not working
@@ -51,7 +48,6 @@
   ( ./inc/eventz/addPlugin.inc )
   ( ./inc/eventz/kyberia.inc ) (wtf)
  
-
 - Refactor directory structure
 
 - Deprecated PHP features
@@ -65,6 +61,8 @@
 
 - Implement URL handling using PATH_INFO instead of mod_rewrite
 
+- some templates are fixed only in .tpl, not in sql database
+
 - (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
   (We can use multiple hash algorithms (so we'll have backward DB compatibility):
                {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e

diff --git a/wwwroot/inc/eventz.inc b/wwwroot/inc/eventz.inc
index b2d6d3ff8e0ad106c22319b23734a6de389a5e3d..26b1378235c85013b5817cf9db72ea6ef56f6682 100644 (file)
--- a/wwwroot/inc/eventz.inc
+++ b/wwwroot/inc/eventz.inc
@@ -8,11 +8,11 @@ if ($_SESSION['eventz'][$event]) {
 elseif (is_file(INCLUDE_DIR."eventz/$event.inc")) {
        $event_id=nodes::getNodeIdByName($event,"event://$event");
        $event_node=nodes::getNodeById($event_id,$_SESSION['user_id']);
-       if ($event_node['node_system_access']=='public'
-|| ($event_node['node_creator']==$_SESSION['user_id'])
-|| $event_node['node_permission']=='op'
-|| $event_node['node_permission']=='execute'
-|| $event_node['node_permission']=='master' ) {
+       if (($event_node['node_system_access']=='public')
+       || ($event_node['node_creator']==$_SESSION['user_id'])
+       || ($event_node['node_permission']=='op')
+       || ($event_node['node_permission']=='execute')
+       || ($event_node['node_permission']=='master') ) {
                include_once(INCLUDE_DIR."eventz/$event.inc");
                $status=$event();
                $_SESSION['eventz'][$event]=true;

diff --git a/wwwroot/inc/filez.inc b/wwwroot/inc/filez.inc
index d068cae33c113a901ba5e0876d0b651ae33cfd2f..5ca65c93c77d4bf06ac5c70f31d083b0727e60f5 100644 (file)
--- a/wwwroot/inc/filez.inc
+++ b/wwwroot/inc/filez.inc
@@ -15,7 +15,7 @@ public static function files($id) {
 // Function that check if given filename is "secure" (for uploading)
 // Dont use for reading files, directory traversal is not checked
 
-public static function filename_secure(name){
+public static function filename_secure($name){
        $suffix = array_pop(explode('.', basename($name)));
        
        // This is unfornately blacklist

diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index a1e6456c3c5f89eaf78542503faaf1a26ce0ae34..718e9cace067e85cfc886ed199f846e34ba1791e 100644 (file)
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -5,9 +5,6 @@ if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
 //header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
 //echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
 //exit;
-error_reporting(1);
-$_SESSION['debugging']=1;
-//exit;
 
 //starting timer for benchmarking purposes
 $timer_start=Time()+SubStr(MicroTime(),0,8);
@@ -15,6 +12,10 @@ $timer_start=Time()+SubStr(MicroTime(),0,8);
 //setting PHPSESSID cookie and starting user session
 session_start();
 
+error_reporting(1);
+$_SESSION['debugging']=1;
+//exit;
+
 
 if ($_SESSION['debugging']) {