possible security fix

This commit is contained in:
Miles Lott 2003-11-06 14:03:57 +00:00
parent 240131cbec
commit 3ae8be8eee

View File

@ -36,7 +36,9 @@
$GLOBALS['phpgw']->template->set_block('import','ffooter','ffooterhandle');
$GLOBALS['phpgw']->template->set_block('import','imported','importedhandle');
$csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
// $csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
// Possible fix for security issue.
$csvfile = $_FILES['csvfile']['tmp_name'];
if(($_POST['action'] == 'download' || $_POST['action'] == 'continue') && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb'))))
{