reporter
2002-12-26 16:31
reporter
~0003575
|
Here is patch. I do not know, why is file upload functionality disabled here.
--- /home/ondrej/prog/CVS-others/mantisbt/proj_doc_add.php Tue Dec 17 12:35:29 2002
+++ proj_doc_add.php Thu Dec 26 16:54:35 2002
@@ -15,11 +15,12 @@
$result = 0;
$good_upload = 0;
$disallowed = 0;
- extract( $HTTP_POST_FILES['f_file'], EXTR_PREFIX_ALL, 'f' );
- // note that underscore '_' is automatically appended into prefix
-
extract( $HTTP_POST_FILES['f_file'], EXTR_PREFIX_ALL, 'f_file' );
if ( !file_type_check( $f_file_name ) ) {
$disallowed = 1;
- } else if ( is_uploaded_file( $f_file ) ) {
-
} else if ( is_uploaded_file( $f_file_tmp_name ) ) {
$good_upload = 1;
# grab the file path
@@ -30,12 +31,12 @@
$f_description = string_prepare_textarea( $f_description );
$f_file_name = $g_project_cookie_val.'-'.$f_file_name;
- $t_file_size = filesize( $f_file );
-
$t_file_size = filesize( $f_file_tmp_name );
switch ( $g_file_upload_method ) {
case DISK: if ( !file_exists( $t_file_path.$f_file_name ) ) {
umask( 0333 ); # make read only
- copy($f_file, $t_file_path.$f_file_name);
- copy($f_file_tmp_name, $t_file_path.$f_file_name);
$query = "INSERT INTO mantis_project_file_table
(id, project_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)
VALUES
@@ -45,7 +46,7 @@
}
break;
case DATABASE:
- $t_content = addslashes( fread ( fopen( $f_file, 'rb' ), $t_file_size ) );
- $t_content = addslashes( fread ( fopen( $f_file_tmp_name, 'rb' ), $t_file_size ) );
$query = "INSERT INTO mantis_project_file_table
(id, project_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)
VALUES
|
|
|
the code in that file has not been updated to use gpc_get_file() and other new api functions, which is why it hasn't been tested yet. I'm working alphabetically through the files fixing them with new apis. So if no on gets to this before then I'll hit it at that point. |
