sbrl-github/Pepperminty-Wiki
sbrl-github/Pepperminty-Wiki
1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-06-26 05:14:55 +00:00
Code Activity

Merge pull request #182 from SeanFromIT/v0.20-hotfixes

Browse source 
patching a PHP 7.3.11 issue and double dot in file uploads
This commit is contained in:
Starbeamrainbowlabs 2020-04-18 12:37:59 +01:00 committed by GitHub
parent 8d2179e290 0622400d0c
commit 7216a50659
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
modules/feature-upload.php
View file

@ -13,7 +13,7 @@ register_module([
* @apiGroup Upload * @apiGroup Upload
* @apiPermission User * @apiPermission User
* *
* @apiParam {boolean} avatar Optional. If true then a special page to upload your avatar is displayed instead. * @apiParam {bool} avatar Optional. If true then a special page to upload your avatar is displayed instead.
*/ */
/** /**
@ -25,7 +25,7 @@ register_module([
* @apiParam {string} name The name of the file to upload. * @apiParam {string} name The name of the file to upload.
* @apiParam {string} description A description of the file. * @apiParam {string} description A description of the file.
* @apiParam {file} file The file to upload. * @apiParam {file} file The file to upload.
* @apiParam {boolean} avatar Whether this upload should be uploaded as the current user's avatar. If specified, any filenames provided will be ignored. * @apiParam {bool} avatar Whether this upload should be uploaded as the current user's avatar. If specified, any filenames provided will be ignored.
* *
* @apiUse UserNotLoggedInError * @apiUse UserNotLoggedInError
* @apiError UploadsDisabledError Uploads are currently disabled in the wiki's settings. * @apiError UploadsDisabledError Uploads are currently disabled in the wiki's settings.
@ -99,7 +99,7 @@ register_module([
break; break;
case "POST": case "POST":
// Recieve file // Receive file
if(!$settings->editing) { if(!$settings->editing) {
exit(page_renderer::render_main("Upload failed - $settings->sitename", "<p>Your upload couldn't be processed because editing is currently disabled on $settings->sitename. Please contact $settings->admindetails_name, $settings->sitename's administrator for more information - their contact details can be found at the bottom of this page. <a href='index.php'>Go back to the main page</a>.")); exit(page_renderer::render_main("Upload failed - $settings->sitename", "<p>Your upload couldn't be processed because editing is currently disabled on $settings->sitename. Please contact $settings->admindetails_name, $settings->sitename's administrator for more information - their contact details can be found at the bottom of this page. <a href='index.php'>Go back to the main page</a>."));
@ -194,7 +194,7 @@ register_module([
// The path to the place (relative to the wiki data root) // The path to the place (relative to the wiki data root)
// that we're actually going to store the uploaded file itself // that we're actually going to store the uploaded file itself
$new_filename = "$paths->upload_file_prefix$target_name.$file_extension"; $new_filename = "$paths->upload_file_prefix$target_name$file_extension";
// The path (relative, as before) to the description file // The path (relative, as before) to the description file
$new_description_filename = "$new_filename.md"; $new_description_filename = "$new_filename.md";
@ -354,11 +354,8 @@ register_module([
$allheaders = getallheaders(); $allheaders = getallheaders();
$allheaders = array_change_key_case($allheaders, CASE_LOWER); $allheaders = array_change_key_case($allheaders, CASE_LOWER);
if(!isset($allheaders["if-none-match"])) if(!isset($allheaders["if-none-match"]))
{
header("etag: $preview_etag"); header("etag: $preview_etag");
} else {
else
{
if($allheaders["if-none-match"] === $preview_etag) if($allheaders["if-none-match"] === $preview_etag)
{ {
http_response_code(304); http_response_code(304);

2
modules/page-login.php
View file

@ -193,7 +193,7 @@ function do_password_hash_code_update() {
global $settings, $paths; global $settings, $paths;
// There's no point if we're using Argon2i, as it doesn't take a cost // There's no point if we're using Argon2i, as it doesn't take a cost
if(hash_password_properties()["algorithm"] == PASSWORD_ARGON2I) if(defined("PASSWORD_ARGON2I") && hash_password_properties()["algorithm"] == PASSWORD_ARGON2I)
return; return;
// Skip rechecking if the automatic check has been disabled // Skip rechecking if the automatic check has been disabled