mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-10-31 21:33:00 +00:00
feature-upload: fix the dot problem
This commit is contained in:
parent
c1af093ada
commit
a1b962a7b5
1 changed files with 8 additions and 4 deletions
|
@ -1,7 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
register_module([
|
register_module([
|
||||||
"name" => "Uploader",
|
"name" => "Uploader",
|
||||||
"version" => "0.6.3",
|
"version" => "0.6.4",
|
||||||
"author" => "Starbeamrainbowlabs",
|
"author" => "Starbeamrainbowlabs",
|
||||||
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
|
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
|
||||||
"id" => "feature-upload",
|
"id" => "feature-upload",
|
||||||
|
@ -138,7 +138,8 @@ register_module([
|
||||||
|
|
||||||
// Calculate the target name, removing any characters we
|
// Calculate the target name, removing any characters we
|
||||||
// are unsure about.
|
// are unsure about.
|
||||||
$target_name = makepathsafe($_POST["name"] ?? "Users/$env->user/Avatar");
|
// Also trim off whitespace (from both ends), and full stops (from the end)
|
||||||
|
$target_name = rtrim(trim(makepathsafe($_POST["name"] ?? "Users/$env->user/Avatar")), ".");
|
||||||
$temp_filename = $_FILES["file"]["tmp_name"];
|
$temp_filename = $_FILES["file"]["tmp_name"];
|
||||||
|
|
||||||
$mimechecker = finfo_open(FILEINFO_MIME_TYPE);
|
$mimechecker = finfo_open(FILEINFO_MIME_TYPE);
|
||||||
|
@ -183,18 +184,21 @@ register_module([
|
||||||
if(isset($settings->mime_mappings_overrides->$mime_type))
|
if(isset($settings->mime_mappings_overrides->$mime_type))
|
||||||
$file_extension = $settings->mime_mappings_overrides->$mime_type;
|
$file_extension = $settings->mime_mappings_overrides->$mime_type;
|
||||||
|
|
||||||
if(in_array($file_extension, [ "php", ".htaccess", "asp", "aspx" ]))
|
if(in_array($file_extension, [ "phtml", "php5", "php", ".htaccess", "asp", "aspx" ]))
|
||||||
{
|
{
|
||||||
http_response_code(415);
|
http_response_code(415);
|
||||||
exit(page_renderer::render("Upload Error - $settings->sitename", "<p>The file you uploaded appears to be dangerous and has been discarded. Please contact $settings->sitename's administrator for assistance.</p>
|
exit(page_renderer::render("Upload Error - $settings->sitename", "<p>The file you uploaded appears to be dangerous and has been discarded. Please contact $settings->sitename's administrator for assistance.</p>
|
||||||
<p>Additional information: The file uploaded appeared to be of type <code>$mime_type</code>, which mapped onto the extension <code>$file_extension</code>. This file extension has the potential to be executed accidentally by the web server.</p>"));
|
<p>Additional information: The file uploaded appeared to be of type <code>$mime_type</code>, which mapped onto the extension <code>$file_extension</code>. This file extension has the potential to be executed accidentally by the web server.</p>"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Remove dots from both ends, just in case
|
||||||
|
$file_extension = trim($file_extension, ".");
|
||||||
|
|
||||||
// Rewrite the name to include the _actual_ file extension we've cleverly calculated :D
|
// Rewrite the name to include the _actual_ file extension we've cleverly calculated :D
|
||||||
|
|
||||||
// The path to the place (relative to the wiki data root)
|
// The path to the place (relative to the wiki data root)
|
||||||
// that we're actually going to store the uploaded file itself
|
// that we're actually going to store the uploaded file itself
|
||||||
$new_filename = "$paths->upload_file_prefix$target_name$file_extension";
|
$new_filename = "$paths->upload_file_prefix$target_name.$file_extension";
|
||||||
// The path (relative, as before) to the description file
|
// The path (relative, as before) to the description file
|
||||||
$new_description_filename = "$new_filename.md";
|
$new_description_filename = "$new_filename.md";
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue