[Webbinder-commits] root jhot.php,1.1.1.1,1.2
From: Sylvie G. <sy...@us...> - 2006-09-05 14:09:13
Update of /cvsroot/webbinder/root In directory sc8-pr-cvs9.sourceforge.net:/tmp/cvs-serv1880 Modified Files: jhot.php Log Message: security Index: jhot.php =================================================================== RCS file: /cvsroot/webbinder/root/jhot.php,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** jhot.php 18 Aug 2005 13:35:15 -0000 1.1.1.1 --- jhot.php 5 Sep 2006 14:09:10 -0000 1.2 *************** *** 12,15 **** --- 12,18 ---- include_once ('lib/drawings/drawlib.php'); + if (($tiki_p_admin_drawings != 'y') && ($tiki_p_edit_drawings != 'y') && ($feature_drawings != 'y')) { + die; + } if (isset($_FILES['filepath']) && is_uploaded_file($_FILES['filepath']['tmp_name'])) { $size = $_FILES['filepath']['size']; *************** *** 31,40 **** $now = date("U"); ! if (strstr($name, '.gif')) { $hash = $absolute_name . md5(uniqid('.')). '.gif'; ! } ! ! if (strstr($name, '.pad_xml')) { $hash = $absolute_name . md5(uniqid('.')). '.pad_xml'; } --- 34,43 ---- $now = date("U"); ! if (substr($name,-4,4) == '.gif') { $hash = $absolute_name . md5(uniqid('.')). '.gif'; ! } elseif (substr($name,-8,8) == '.pad_xml') { $hash = $absolute_name . md5(uniqid('.')). '.pad_xml'; + } else { + die(); } |
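Review bot: The guard added after the `include_once` line joins all three tests with `&&`, so it only stops the request when the caller lacks both drawing permissions and the drawings feature is switched off. With `$feature_drawings == 'y'`, a caller holding neither permission still reaches the upload handler, and a caller with the edit permission still reaches it when the feature is disabled. If the intent is "feature enabled and caller may edit or administer drawings" (inferred from the variable names), the condition should read `if ($feature_drawings != 'y' || ($tiki_p_admin_drawings != 'y' && $tiki_p_edit_drawings != 'y')) { die; }`. Where these three variables are set is outside the hunk, so it is worth confirming they are always initialised by the includes above before this test runs.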
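Review bot: The suffix test in the second hunk looks only at the end of `$name` and never at the uploaded bytes, so any content is stored as long as the name ends in `.gif` or `.pad_xml`. Because the code fixes the stored extension itself, the remaining gap is content validation. For the GIF branch, confirming that `getimagesize($_FILES['filepath']['tmp_name'])` reports `IMAGETYPE_GIF` before the file is kept would close it. The comparison is also loose and case-sensitive; `substr($name, -4) === '.gif'` states the intent more strictly. The assignment of `$name` lies outside the hunk, so this assumes it is the client-supplied file name.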