diff options
author | Andrew Dolgov <[email protected]> | 2013-04-11 19:12:00 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2013-04-11 19:12:00 +0400 |
commit | 3306daecf4450555961490c11e70e7cf7fe7b86e (patch) | |
tree | 98e1162f201f0f0672e14bd12c76677e4d24337e /classes/pref/feeds.php | |
parent | 063ac6135304223d6667401936e3a3931522b07c (diff) |
implement upload-related support for open_basedir
Diffstat (limited to 'classes/pref/feeds.php')
-rw-r--r-- | classes/pref/feeds.php | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 469ca1111..f57cc37d6 100644 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -463,7 +463,7 @@ class Pref_Feeds extends Handler_Protected { WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); if (db_num_rows($result) != 0) { - unlink(ICONS_DIR . "/$feed_id.ico"); + @unlink(ICONS_DIR . "/$feed_id.ico"); } return; @@ -472,7 +472,22 @@ class Pref_Feeds extends Handler_Protected { function uploadicon() { header("Content-type: text/html"); - $icon_file = $_FILES['icon_file']['tmp_name']; + $tmp_file = false; + + if (is_uploaded_file($_FILES['icon_file']['tmp_name'])) { + $tmp_file = tempnam(CACHE_DIR . '/upload', 'icon'); + + $result = move_uploaded_file($_FILES['icon_file']['tmp_name'], + $tmp_file); + + if (!$result) { + return; + } + } else { + return; + } + + $icon_file = $tmp_file; $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]); if (is_file($icon_file) && $feed_id) { @@ -482,8 +497,8 @@ class Pref_Feeds extends Handler_Protected { WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); if (db_num_rows($result) != 0) { - unlink(ICONS_DIR . "/$feed_id.ico"); - move_uploaded_file($icon_file, ICONS_DIR . "/$feed_id.ico"); + @unlink(ICONS_DIR . "/$feed_id.ico"); + rename($icon_file, ICONS_DIR . "/$feed_id.ico"); $rc = 0; } else { $rc = 2; @@ -495,6 +510,8 @@ class Pref_Feeds extends Handler_Protected { $rc = 2; } + @unlink($icon_file); + print "<script type=\"text/javascript\">"; print "parent.uploadIconHandler($rc);"; print "</script>"; |