eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of git@gitorious.org:statusnet/mainline

Browse Source
This commit is contained in:
Evan Prodromou 2010-02-03 11:53:54 -05:00
commit 20953ea3de
3 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
actions/getfile.php
View File

@ -71,7 +71,7 @@ class GetfileAction extends Action
$filename = $this->trimmed('filename'); $filename = $this->trimmed('filename');
$path = null; $path = null;
if ($filename) { if ($filename && File::validFilename($filename)) {
$path = File::path($filename); $path = File::path($filename);
} }

17
classes/File.php
View File

@ -176,8 +176,22 @@ class File extends Memcached_DataObject
return "$nickname-$datestamp-$random.$ext"; return "$nickname-$datestamp-$random.$ext";
} }
/**
* Validation for as-saved base filenames
*/
static function validFilename($filename)
{
return preg_match('/^[A-Za-z0-9._-]+$/', $filename);
}
/**
* @throws ClientException on invalid filename
*/
static function path($filename) static function path($filename)
{ {
if (!self::validFilename($filename)) {
throw new ClientException("Invalid filename");
}
$dir = common_config('attachments', 'dir'); $dir = common_config('attachments', 'dir');
if ($dir[strlen($dir)-1] != '/') { if ($dir[strlen($dir)-1] != '/') {
@ -189,6 +203,9 @@ class File extends Memcached_DataObject
static function url($filename) static function url($filename)
{ {
if (!self::validFilename($filename)) {
throw new ClientException("Invalid filename");
}
if(common_config('site','private')) { if(common_config('site','private')) {
return common_local_url('getfile', return common_local_url('getfile',

6
scripts/setup_status_network.sh
View File

@ -13,6 +13,11 @@ export sitename="$2"
export tags="$3" export tags="$3"
export email="$4" export email="$4"
export fullname="$5" export fullname="$5"
export sitetype="$6"
if [ "$sitetype" == '' ]; then
sitetype='single-user'
fi
# Fixme: if this is changed later we need to update profile URLs # Fixme: if this is changed later we need to update profile URLs
# for the created user. # for the created user.
@ -71,6 +76,7 @@ then
sed "s/\$nickname/$nickname/" | \ sed "s/\$nickname/$nickname/" | \
sed "s/\$sitename/$sitename/" | \ sed "s/\$sitename/$sitename/" | \
sed "s/\$userpass/$userpass/" | \ sed "s/\$userpass/$userpass/" | \
sed "s/\$sitetype/$sitetype/" | \
php $PHPBASE/scripts/sendemail.php \ php $PHPBASE/scripts/sendemail.php \
-s"$server" \ -s"$server" \
-n"$nickname" \ -n"$nickname" \