From 45a1b8708029e9c2e30b0cfcc42ca0b276a49e59 Mon Sep 17 00:00:00 2001
From: niekt0
Date: Wed, 3 Nov 2010 01:41:17 +0100
Subject: [PATCH] file upload fix
---
 doc/TODO | 6 ++----
 wwwroot/inc/eventz.inc | 10 +++++-----
 wwwroot/inc/filez.inc | 2 +-
 wwwroot/nodes.php | 7 ++++---
 4 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/doc/TODO b/doc/TODO
index b8a60eb..4cfbaae 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,8 +1,5 @@ - User mail is not working -- Userinfo is not working - () - - Uploading of datafiles is not working - Registration process is not working
@@ -51,7 +48,6 @@ ( ./inc/eventz/addPlugin.inc ) ( ./inc/eventz/kyberia.inc ) (wtf) - - Refactor directory structure - Deprecated PHP features
@@ -65,6 +61,8 @@ - Implement URL handling using PATH_INFO instead of mod_rewrite +- some templates are fixed only in .tpl, not in sql database + - (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) (We can use multiple hash algorithms (so we'll have backward DB compatibility): {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
diff --git a/wwwroot/inc/eventz.inc b/wwwroot/inc/eventz.inc
index b2d6d3f..26b1378 100644
--- a/wwwroot/inc/eventz.inc
+++ b/wwwroot/inc/eventz.inc
@@ -8,11 +8,11 @@ if ($_SESSION['eventz'][$event]) {
 elseif (is_file(INCLUDE_DIR."eventz/$event.inc")) {
 $event_id=nodes::getNodeIdByName($event,"event://$event");
 $event_node=nodes::getNodeById($event_id,$_SESSION['user_id']);
- if ($event_node['node_system_access']=='public'
-|| ($event_node['node_creator']==$_SESSION['user_id'])
-|| $event_node['node_permission']=='op'
-|| $event_node['node_permission']=='execute'
-|| $event_node['node_permission']=='master' ) {
+ if (($event_node['node_system_access']=='public')
+ || ($event_node['node_creator']==$_SESSION['user_id'])
+ || ($event_node['node_permission']=='op')
+ || ($event_node['node_permission']=='execute')
+ || ($event_node['node_permission']=='master') ) {
 include_once(INCLUDE_DIR."eventz/$event.inc");
 $status=$event();
 $_SESSION['eventz'][$event]=true;
diff --git a/wwwroot/inc/filez.inc b/wwwroot/inc/filez.inc
index d068cae..5ca65c9 100644
--- a/wwwroot/inc/filez.inc
+++ b/wwwroot/inc/filez.inc
@@ -15,7 +15,7 @@ public static function files($id) {
 // Function that check if given filename is "secure" (for uploading)
 // Dont use for reading files, directory traversal is not checked
-public static function filename_secure(name){
+public static function filename_secure($name){
 $suffix = array_pop(explode('.', basename($name)));
 // This is unfornately blacklist
diff --git a/wwwroot/nodes.php b/wwwroot/nodes.php
index a1e6456..718e9ca 100644
--- a/wwwroot/nodes.php
+++ b/wwwroot/nodes.php
@@ -5,9 +5,6 @@ if (!empty($_POST['FORCE_OB']) && $_POST['FORCE_OB'] == 'true') ob_start();
 //header("Location: http://web.archive.org/web/20020925021139/http://kyberia.sk");
 //echo "je to uz uplne v pici. vsetky data su stratene, prajem pekny den :)";
 //exit;
-error_reporting(1);
-$_SESSION['debugging']=1;
-//exit;
 //starting timer for benchmarking purposes
 $timer_start=Time()+SubStr(MicroTime(),0,8);
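Review bot: In the wwwroot/inc/eventz.inc hunk the re-parenthesised condition keeps the loose test `($event_node['node_creator']==$_SESSION['user_id'])`, which is also true when both sides are empty, for example if `nodes::getNodeById()` returns nothing for the event and the session carries no `user_id` (neither case is visible here, so please confirm). I would guard that arm as `|| (!empty($_SESSION['user_id']) && $event_node['node_creator']==$_SESSION['user_id'])`. `$event` also flows unchanged into the `include_once` path and the `$event()` call; its origin is outside the hunk, so if it is request-derived it should first be restricted to a plain name, e.g. `preg_match('/^[A-Za-z0-9_]+$/', $event)`. The enclosing if/elseif starts and ends outside the hunk.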
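Review bot: In the wwwroot/inc/filez.inc hunk the parameter fix leaves the context line `$suffix = array_pop(explode('.', basename($name)));` as it was, and that line passes a function result to the by-reference `array_pop()`, which raises a notice on current PHP versions, and takes the suffix in whatever case the uploader supplied. I would replace it with `$suffix = strtolower(pathinfo(basename($name), PATHINFO_EXTENSION));`, assuming the list it is compared against is lower-case (that list is outside the hunk); note that a name without a dot then yields an empty suffix instead of the whole name. As the existing comment concedes, the check is a blacklist, so an allowlist of accepted extensions would be the more durable fix. The function body continues outside the hunk.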
@@ -15,6 +12,10 @@ $timer_start=Time()+SubStr(MicroTime(),0,8);
 //setting PHPSESSID cookie and starting user session
 session_start();
+error_reporting(1);
+$_SESSION['debugging']=1;
+//exit;
+
 if ($_SESSION['debugging']) {
-- 
2.30.2
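Review bot: Placing `$_SESSION['debugging']=1;` after `session_start()` in wwwroot/nodes.php makes the flag persist in every visitor's session, so the `if ($_SESSION['debugging'])` branch that follows now runs for all users; before the move the assignment preceded `session_start()` and was presumably discarded when the session was loaded. The body of that branch is outside the hunk, but debug output should not be reachable by unauthenticated users in production. I would gate the assignment on a deployment setting, e.g. `if (DEBUG_MODE) { $_SESSION['debugging']=1; }`, where `DEBUG_MODE` is a placeholder for a config constant the project would define. A short comment on why `error_reporting(1)` (fatal errors only) is wanted here would also help.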