| リビジョン | 90dcd408d311b215a15ee6a96f1f965540189846 (tree) |
|---|---|
| 日時 | 2005-01-30 21:02:37 |
| 作者 | henoheno <henoheno> |
| コミッター | henoheno |
Check PKWK_QUERY_STRING_MAX
plugin/attach.inc.php (diff)| @@ -1,6 +1,6 @@ | ||
| 1 | 1 | <?php |
| 2 | 2 | // PukiWiki - Yet another WikiWikiWeb clone |
| 3 | -// $Id: attach.inc.php,v 1.70 2005/01/23 07:01:56 henoheno Exp $ | |
| 3 | +// $Id: attach.inc.php,v 1.71 2005/01/30 12:02:37 henoheno Exp $ | |
| 4 | 4 | // |
| 5 | 5 | // File attach plugin |
| 6 | 6 |
| @@ -99,7 +99,6 @@ function plugin_attach_action() | ||
| 99 | 99 | // Dispatch |
| 100 | 100 | if (isset($_FILES['attach_file'])) { |
| 101 | 101 | // Upload |
| 102 | - if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing'); | |
| 103 | 102 | return attach_upload($_FILES['attach_file'], $refer, $pass); |
| 104 | 103 | } |
| 105 | 104 | switch ($pcmd) { |
| @@ -149,8 +148,18 @@ function attach_upload($file, $page, $pass = NULL) | ||
| 149 | 148 | { |
| 150 | 149 | global $_attach_messages; |
| 151 | 150 | |
| 152 | - if (! is_page($page)) { | |
| 153 | - die_message("No such page"); | |
| 151 | + if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing'); | |
| 152 | + | |
| 153 | + // Check query-string | |
| 154 | + $query = 'plugin=attach&pcmd=info&refer=' . rawurlencode($page) . | |
| 155 | + '&file=' . rawurlencode($file['name']); | |
| 156 | + | |
| 157 | + if (PKWK_QUERY_STRING_MAX && strlen($query) > PKWK_QUERY_STRING_MAX) { | |
| 158 | + pkwk_common_headers(); | |
| 159 | + echo('Query string (page name and/or file name) too long'); | |
| 160 | + exit; | |
| 161 | + } else if (! is_page($page)) { | |
| 162 | + die_message('No such page'); | |
| 154 | 163 | } else if ($file['tmp_name'] == '' || ! is_uploaded_file($file['tmp_name'])) { |
| 155 | 164 | return array('result'=>FALSE); |
| 156 | 165 | } else if ($file['size'] > PLUGIN_ATTACH_MAX_FILESIZE) { |
| @@ -169,18 +178,15 @@ function attach_upload($file, $page, $pass = NULL) | ||
| 169 | 178 | } |
| 170 | 179 | |
| 171 | 180 | $obj = & new AttachFile($page, $file['name']); |
| 172 | - if ($obj->exist) { | |
| 181 | + if ($obj->exist) | |
| 173 | 182 | return array('result'=>FALSE, |
| 174 | 183 | 'msg'=>$_attach_messages['err_exists']); |
| 175 | - } | |
| 176 | 184 | |
| 177 | - if (move_uploaded_file($file['tmp_name'], $obj->filename)) { | |
| 185 | + if (move_uploaded_file($file['tmp_name'], $obj->filename)) | |
| 178 | 186 | chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE); |
| 179 | - } | |
| 180 | 187 | |
| 181 | - if (is_page($page)) { | |
| 188 | + if (is_page($page)) | |
| 182 | 189 | touch(get_filename($page)); |
| 183 | - } | |
| 184 | 190 | |
| 185 | 191 | $obj->getstatus(); |
| 186 | 192 | $obj->status['pass'] = ($pass !== TRUE && $pass !== NULL) ? md5($pass) : ''; |
haifun
Fork