From: Jerome Jutteau Date: Wed, 13 Feb 2013 10:36:31 +0000 (+0000) Subject: Fix user input for not including new lines X-Git-Tag: 1.1~215 X-Git-Url: https://git.p6c8.net/jirafeau.git/commitdiff_plain/11e172891035764434fbf06bc4a6f1ff0b04fdca Fix user input for not including new lines --- diff --git a/lib/functions.php b/lib/functions.php index b658b17..d70a17c 100755 --- a/lib/functions.php +++ b/lib/functions.php @@ -329,7 +329,7 @@ jirafeau_upload ($file, $one_time_download, $key, $time, $ip) /* file informations */ $md5 = md5_file ($file['tmp_name']); - $name = trim ($file['name']); + $name = str_replace (NL, '', trim ($file['name'])); $mime_type = $file['type']; $size = $file['size']; @@ -801,7 +801,7 @@ jirafeau_async_init ($filename, $type, $one_time, $key, $time, $ip) $p .= $ref; $handle = fopen ($p, 'w'); fwrite ($handle, - $filename . NL. $type . NL. $password . NL. $time . NL . + str_replace (NL, '', trim ($filename)) . NL. trim ($type) . NL. $password . NL. $time . NL . ($one_time ? 'O' : 'R') . NL . $ip . NL . date ('U') . NL . $code . NL); fclose ($handle); diff --git a/script.php b/script.php index ad354a5..396538c 100755 --- a/script.php +++ b/script.php @@ -485,11 +485,11 @@ elseif (isset ($_GET['init_async'])) break; } echo jirafeau_async_init ($_POST['filename'], - $type, - isset ($_POST['one_time_download']), - $key, - $time, - $_SERVER['REMOTE_ADDR']); + $type, + isset ($_POST['one_time_download']), + $key, + $time, + $_SERVER['REMOTE_ADDR']); } /* Continue an asynchronous upload. */ elseif (isset ($_GET['push_async']))