From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
program/steps/settings/upload.inc | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/program/steps/settings/upload.inc b/program/steps/settings/upload.inc
index 8d338eb..dc81982 100644
--- a/program/steps/settings/upload.inc
+++ b/program/steps/settings/upload.inc
@@ -1,6 +1,6 @@
<?php
-/*
+/**
+-----------------------------------------------------------------------+
| program/steps/settings/upload.inc |
| |
@@ -51,15 +51,15 @@
$uploadid = rcube_utils::get_input_value('_uploadid', rcube_utils::INPUT_GET);
-if (is_array($_FILES['_files']['tmp_name'])) {
- $multiple = count($_FILES['_files']['tmp_name']) > 1;
+if (is_array($_FILES['_file']['tmp_name'])) {
+ $multiple = count($_FILES['_file']['tmp_name']) > 1;
- foreach ($_FILES['_files']['tmp_name'] as $i => $filepath) {
+ foreach ($_FILES['_file']['tmp_name'] as $i => $filepath) {
// Process uploaded attachment if there is no error
- $err = $_FILES['_files']['error'][$i];
+ $err = $_FILES['_file']['error'][$i];
if (!$err) {
- if ($max_size < $_FILES['_files']['size'][$i]) {
+ if ($max_size < $_FILES['_file']['size'][$i]) {
$err = 'size_error';
}
// check image file type
@@ -77,8 +77,8 @@
if (!$err) {
$attachment = $RCMAIL->plugins->exec_hook('attachment_upload', array(
'path' => $filepath,
- 'size' => $_FILES['_files']['size'][$i],
- 'name' => $_FILES['_files']['name'][$i],
+ 'size' => $_FILES['_file']['size'][$i],
+ 'name' => $_FILES['_file']['name'][$i],
'mimetype' => 'image/' . $imageprop['type'],
'group' => $type,
));
--
Gitblit v1.9.1