diff options
Diffstat (limited to 'classes')
-rw-r--r-- | classes/opml.php | 30 | ||||
-rw-r--r-- | classes/pref/feeds.php | 25 |
2 files changed, 48 insertions, 7 deletions
diff --git a/classes/opml.php b/classes/opml.php index 7a49f757c..2ecae4237 100644 --- a/classes/opml.php +++ b/classes/opml.php @@ -461,11 +461,35 @@ class Opml extends Handler_Protected { # if ($debug) $doc = DOMDocument::load("/tmp/test.opml"); - if (is_file($_FILES['opml_file']['tmp_name'])) { + if ($_FILES['opml_file']['error'] != 0) { + print_error(T_sprintf("Upload failed with error code %d", + $_FILES['opml_file']['error'])); + return; + } + + $tmp_file = false; + + if (is_uploaded_file($_FILES['opml_file']['tmp_name'])) { + $tmp_file = tempnam(CACHE_DIR . '/upload', 'opml'); + + $result = move_uploaded_file($_FILES['opml_file']['tmp_name'], + $tmp_file); + + if (!$result) { + print_error(__("Unable to move uploaded file.")); + return; + } + } else { + print_error(__('Error: please upload OPML file.')); + return; + } + + if (is_file($tmp_file)) { $doc = new DOMDocument(); - $doc->load($_FILES['opml_file']['tmp_name']); + $doc->load($tmp_file); + unlink($tmp_file); } else if (!$doc) { - print_error(__('Error: please upload OPML file.')); + print_error(__('Error: unable to find moved OPML file.')); return; } diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 469ca1111..f57cc37d6 100644 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -463,7 +463,7 @@ class Pref_Feeds extends Handler_Protected { WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); if (db_num_rows($result) != 0) { - unlink(ICONS_DIR . "/$feed_id.ico"); + @unlink(ICONS_DIR . "/$feed_id.ico"); } return; @@ -472,7 +472,22 @@ class Pref_Feeds extends Handler_Protected { function uploadicon() { header("Content-type: text/html"); - $icon_file = $_FILES['icon_file']['tmp_name']; + $tmp_file = false; + + if (is_uploaded_file($_FILES['icon_file']['tmp_name'])) { + $tmp_file = tempnam(CACHE_DIR . '/upload', 'icon'); + + $result = move_uploaded_file($_FILES['icon_file']['tmp_name'], + $tmp_file); + + if (!$result) { + return; + } + } else { + return; + } + + $icon_file = $tmp_file; $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]); if (is_file($icon_file) && $feed_id) { @@ -482,8 +497,8 @@ class Pref_Feeds extends Handler_Protected { WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); if (db_num_rows($result) != 0) { - unlink(ICONS_DIR . "/$feed_id.ico"); - move_uploaded_file($icon_file, ICONS_DIR . "/$feed_id.ico"); + @unlink(ICONS_DIR . "/$feed_id.ico"); + rename($icon_file, ICONS_DIR . "/$feed_id.ico"); $rc = 0; } else { $rc = 2; @@ -495,6 +510,8 @@ class Pref_Feeds extends Handler_Protected { $rc = 2; } + @unlink($icon_file); + print "<script type=\"text/javascript\">"; print "parent.uploadIconHandler($rc);"; print "</script>"; |