*\r
*/\r
\r
-/* 1.0.8.1SP1RC4 2008-12-22-18:30(JP) cacher */\r
/* 1.0.8.1SP1RC5 katsumi */\r
+/* 1.0.8.1SP1RC6 2008-12-25 cacher */\r
\r
if (!defined('_MEDIA_PHP_DEFINED')) {\r
define('_MEDIA_PHP_DEFINED', 1);\r
T.Kosugi edit End\r
*/\r
// $msg1 = rename($mediapath . $_POST[targetfile], $mediapath . htmlspecialchars($_POST[newname]) );\r
- $msg1 = media_rename($mediapath, postVar('targetfile'), htmlspecialchars(postVar('newname')) );\r
+ $msg1 = media_rename($mediapath, postVar('targetfile'), htmlspecialchars($newfilename) );\r
if (!$msg1) {\r
print htmlspecialchars(postVar('targetfile') . _MEDIA_PHP_10);\r
}\r
//print "targetthumb=$mediapath$_POST[targetthumb]<BR />";\r
if ($exist) {\r
// $thumbnewname = $Prefix_thumb . $_POST[newname];\r
- $thumbnewname = $Prefix_thumb . postVar('newname');\r
+ $thumbnewname = $Prefix_thumb . $newfilename;\r
// $msg2 = rename($mediapath . $_POST[targetthumb], $mediapath . $thumbnewname);\r
$msg2 = media_rename($mediapath, postVar('targetthumb'), $thumbnewname);\r
if (!$msg2) {\r
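Review bot: The two rename targets are now built differently from the same value: the main file is renamed to `htmlspecialchars($newfilename)`, while the thumbnail is renamed to `$Prefix_thumb . $newfilename`. A name containing `&`, `<`, `>` or `"` therefore leaves the file and its thumbnail with mismatched names on disk. HTML-escaping is an output encoding and does not make a string safe as a path component, so, provided `$newfilename` is validated where it is assigned, both calls should receive the same raw value, e.g. `$msg1 = media_rename($mediapath, postVar('targetfile'), $newfilename);`, with escaping applied only when the name is printed. The assignment of `$newfilename` is outside this hunk, so it is not visible whether it is checked for `/`, `\` or `..` as the upload path now is. `postVar('targetfile')` and `postVar('targetthumb')` also reach `media_rename()` unmodified, so that function presumably has to enforce the path constraints; worth confirming.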
</select>\r
<?php } else {\r
?>\r
- <input name="collection" type="hidden" value="<?php echo htmlspecialchars($currentCollection)?>" />\r
+ <input name="collection" type="hidden" value="<?php echo htmlspecialchars($currentCollection); ?>" />\r
<?php } // if sizeof\r
?>\r
<br /><br />\r
$filename = strftime("%Y%m%d-", time()) . $filename;\r
}\r
\r
+ // Filename should not contain '/' or '\'.\r
+ if (preg_match('#(/|\\\\)#',$filename)) media_doError(_ERROR_DISALLOWED);\r
+\r
$collection = media_requestVar('collection');\r
$res = MEDIA::addMediaObject($collection, $filetempname, $filename);\r
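Review bot: The added separator check is a brace-less `if` whose only action is `media_doError(_ERROR_DISALLOWED)`. If that function returns instead of ending the request (its body is not in this hunk, and the enclosing function starts and ends outside it), execution still reaches `MEDIA::addMediaObject()` with the rejected name. The pattern also covers only `/` and `\`, so NUL and other control bytes in the client-supplied name pass through. I would make the stop explicit and widen the class slightly: `if (preg_match('#[/\\\\\x00-\x1f]#', $filename)) { media_doError(_ERROR_DISALLOWED); exit; }`. The comment above it could then read `// Reject path separators and control bytes so the upload cannot leave the collection directory.`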
\r