[TYPO3-core] RFC: fix bug #3834 protect t3lib_formmail against abuse
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Wed May 2 17:18:03 CEST 2007
Michael Stucki schrieb:
> Hi Masi,
>
> this is a no-brainer, so +1!
I though so, but why does TCEmain the accept also not uploaded files!?!:
if (@is_dir($dest) &&
(@is_file($theFile) || @is_uploaded_file($theFile))) {
// Finding size. For safe_mode we have to rely on the size
// in the upload array if the file is uploaded.
if (is_uploaded_file($theFile) &&
$theFile==$uploadedFileArray['tmp_name']) {
$fileSize = $uploadedFileArray['size'];
} else {
$fileSize = filesize($theFile);
}
... // copy, ect
}
This code is in checkValue_group_select_file() and handles the uploads.
Masi
More information about the TYPO3-team-core
mailing list