Re: [Phpwiki-talk] Upload plugin and relative paths

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Bernd Porr schrieb:

> Hi all,
> 
> wouldn't be a good idea to introduce relative paths in the UpLoad plugin 
> as well?
> 
>    var $url_prefix = "http:../uploads/";
> 
> ...and changing the output
> 
>                $message->pushContent(_("File successfully uploaded to 
> location:"));
>                $message->pushContent(HTML::br());
> 
>                
> $message->pushContent(HTML::strong(_("[$url_prefix$userfile_name]")));
>                $message->pushContent(HTML::br());
> 
> to boldface. Otherwise the ".." might be interpreted as dirt on the 
> monitor. :-)
> 
> 
> --------------------
> 
> The same applies to the file location:
> 
>   var $file_dir;
> 
>    function WikiPlugin_EmbedUpload() {
>        if (defined('PHPWIKI_DIR')) {
>            $this->file_dir= PHPWIKI_DIR . "/uploads/";
>        } else {
>            $this->file_dir= "uploads/";
>        }
>    }
> 
> 
> ----------------------
> 
> this would make the plugin usable without any modification in the source.
> If this, however, is already in the CVS then simply forget it. :-)

good idea, but hard to implement.
it needs more security tests. "../../" must not be allowed e.g.

-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/