project-open / intranet-timesheet2-invoices
Commit f193aea0, authored Mar 08, 2010 by Frank Bergmann
- added checks to detect malicious upload filenames
parent 50eb0dc8
Showing 1 changed file with 1 addition and 0 deletions
www/price-lists/upload-prices-2.tcl
...
@@ -24,6 +24,7 @@ set context_bar [im_context_bar [list "/intranet/cusomers/" "<#_ Clients#>"] "<#
...
@@ -24,6 +24,7 @@ set context_bar [im_context_bar [list "/intranet/cusomers/" "<#_ Clients#>"] "<#
# number_of_bytes is the upper-limit
# number_of_bytes is the upper-limit
set
max_n_bytes
[
ad_parameter -package_id
[
im_package_filestorage_id
]
MaxNumberOfBytes
""
0
]
set
max_n_bytes
[
ad_parameter -package_id
[
im_package_filestorage_id
]
MaxNumberOfBytes
""
0
]
set
tmp_filename
[
ns_queryget upload_file.tmpfile
]
set
tmp_filename
[
ns_queryget upload_file.tmpfile
]
im_security_alert_check_tmpnam -location
"upload-prices-2.tcl"
-value
$tmp
_filename
if
{
$max
_n_bytes &&
([
file
size
$tmp
_filename
]
>
$max
_n_bytes
)
}
{
if
{
$max
_n_bytes &&
([
file
size
$tmp
_filename
]
>
$max
_n_bytes
)
}
{
ad_return_complaint 1
"<#_ Your file is larger than the maximum permissible upload size#>:
[
util_commify_number
$max
_n_bytes
]
bytes"
ad_return_complaint 1
"<#_ Your file is larger than the maximum permissible upload size#>:
[
util_commify_number
$max
_n_bytes
]
bytes"
return
return
...
...
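Review bot: The added call `im_security_alert_check_tmpnam -location "upload-prices-2.tcl" -value $tmp_filename` discards any result, and the very next statement goes on to `file size $tmp_filename`. Nothing in this hunk shows that the helper aborts the request when the value looks malicious, so if it only raises an alert the page would still operate on the suspicious path. Either state in a comment here that the helper terminates the request on a failed check, or test its outcome and return before the size check. A one-line comment saying what the check looks for would also help, since the commit message speaks of upload filenames while the value checked is the `upload_file.tmpfile` path.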