extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-06 10:12:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

possible security fix

Browse Source
This commit is contained in:
Miles Lott 2003-11-06 14:03:57 +00:00
parent 240131cbec
commit 3ae8be8eee
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
addressbook/csv_import.php
View File

@ -36,7 +36,9 @@
$GLOBALS['phpgw']->template->set_block('import','ffooter','ffooterhandle');
$GLOBALS['phpgw']->template->set_block('import','imported','importedhandle');
$csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
// $csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
// Possible fix for security issue.
$csvfile = $_FILES['csvfile']['tmp_name'];
if(($_POST['action'] == 'download' || $_POST['action'] == 'continue') && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb'))))
{