From: Reini U. <ru...@x-...> - 2003-11-18 20:22:22
|
Bernd Porr schrieb: > Hi all, > > wouldn't be a good idea to introduce relative paths in the UpLoad plugin > as well? > > var $url_prefix = "http:../uploads/"; > > ...and changing the output > > $message->pushContent(_("File successfully uploaded to > location:")); > $message->pushContent(HTML::br()); > > > $message->pushContent(HTML::strong(_("[$url_prefix$userfile_name]"))); > $message->pushContent(HTML::br()); > > to boldface. Otherwise the ".." might be interpreted as dirt on the > monitor. :-) > > > -------------------- > > The same applies to the file location: > > var $file_dir; > > function WikiPlugin_EmbedUpload() { > if (defined('PHPWIKI_DIR')) { > $this->file_dir= PHPWIKI_DIR . "/uploads/"; > } else { > $this->file_dir= "uploads/"; > } > } > > > ---------------------- > > this would make the plugin usable without any modification in the source. > If this, however, is already in the CVS then simply forget it. :-) good idea, but hard to implement. it needs more security tests. "../../" must not be allowed e.g. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |