mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 14:41:29 +01:00
security fix
This commit is contained in:
parent
40c128aa4d
commit
2683990b6b
@ -19,8 +19,20 @@
|
|||||||
);
|
);
|
||||||
include('../header.inc.php');
|
include('../header.inc.php');
|
||||||
|
|
||||||
|
if (isset($_FILES['csvfile']['tmp_name']))
|
||||||
|
{
|
||||||
|
$csvfile = $GLOBALS['phpgw_info']['server']['temp_dir'].'/addrbook_import_'.basename($csvfile);
|
||||||
|
$GLOBALS['phpgw']->session->appsession('csvfile','',$csvfile);
|
||||||
|
$_POST['action'] = move_uploaded_file($_FILES['csvfile']['tmp_name'],$csvfile) ?
|
||||||
|
'download' : '';
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$csvfile = $GLOBALS['phpgw']->session->appsession('csvfile');
|
||||||
|
}
|
||||||
if ($_POST['cancel'])
|
if ($_POST['cancel'])
|
||||||
{
|
{
|
||||||
|
@unlink($csvfile);
|
||||||
$GLOBALS['phpgw']->redirect_link('/addressbook/index.php');
|
$GLOBALS['phpgw']->redirect_link('/addressbook/index.php');
|
||||||
}
|
}
|
||||||
$GLOBALS['phpgw_info']['flags']['app_header'] = lang('Import CSV-File into Addressbook');
|
$GLOBALS['phpgw_info']['flags']['app_header'] = lang('Import CSV-File into Addressbook');
|
||||||
@ -36,8 +48,6 @@
|
|||||||
$GLOBALS['phpgw']->template->set_block('import','ffooter','ffooterhandle');
|
$GLOBALS['phpgw']->template->set_block('import','ffooter','ffooterhandle');
|
||||||
$GLOBALS['phpgw']->template->set_block('import','imported','importedhandle');
|
$GLOBALS['phpgw']->template->set_block('import','imported','importedhandle');
|
||||||
|
|
||||||
$csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
|
|
||||||
|
|
||||||
if(($_POST['action'] == 'download' || $_POST['action'] == 'continue') && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb'))))
|
if(($_POST['action'] == 'download' || $_POST['action'] == 'continue') && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb'))))
|
||||||
{
|
{
|
||||||
$_POST['action'] = '';
|
$_POST['action'] = '';
|
||||||
@ -134,7 +144,6 @@
|
|||||||
$GLOBALS['phpgw']->template->set_var('submit',lang('Import'));
|
$GLOBALS['phpgw']->template->set_var('submit',lang('Import'));
|
||||||
$GLOBALS['phpgw']->template->set_var('csvfile',$csvfile);
|
$GLOBALS['phpgw']->template->set_var('csvfile',$csvfile);
|
||||||
$GLOBALS['phpgw']->template->set_var('enctype','ENCTYPE="multipart/form-data"');
|
$GLOBALS['phpgw']->template->set_var('enctype','ENCTYPE="multipart/form-data"');
|
||||||
$hiddenvars .= '<input type="hidden" name="action" value="download">'."\n";
|
|
||||||
|
|
||||||
$GLOBALS['phpgw']->template->parse('filenamehandle','filename');
|
$GLOBALS['phpgw']->template->parse('filenamehandle','filename');
|
||||||
break;
|
break;
|
||||||
@ -214,15 +223,10 @@
|
|||||||
$GLOBALS['phpgw']->template->set_var('debug',get_var('debug',array('POST'),True)?' checked':'');
|
$GLOBALS['phpgw']->template->set_var('debug',get_var('debug',array('POST'),True)?' checked':'');
|
||||||
$GLOBALS['phpgw']->template->parse('ffooterhandle','ffooter');
|
$GLOBALS['phpgw']->template->parse('ffooterhandle','ffooter');
|
||||||
fclose($fp);
|
fclose($fp);
|
||||||
if ($_POST['action'] == 'download')
|
|
||||||
{
|
|
||||||
$old = $csvfile; $csvfile = $GLOBALS['phpgw_info']['server']['temp_dir'].'/addrbook_import_'.basename($csvfile);
|
|
||||||
rename($old,$csvfile);
|
|
||||||
}
|
|
||||||
$hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array(
|
$hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array(
|
||||||
'action' => 'import',
|
'action' => 'import',
|
||||||
'fieldsep'=> $_POST['fieldsep'],
|
'fieldsep'=> $_POST['fieldsep'],
|
||||||
'csvfile' => $csvfile,
|
|
||||||
'charset' => $_POST['charset']
|
'charset' => $_POST['charset']
|
||||||
));
|
));
|
||||||
$mktime_lotus = "${PSep}0?([0-9]+)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*).*$ASep@mktime(${VPre}4,${VPre}5,${VPre}6,${VPre}2,${VPre}3,${VPre}1)";
|
$mktime_lotus = "${PSep}0?([0-9]+)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*).*$ASep@mktime(${VPre}4,${VPre}5,${VPre}6,${VPre}2,${VPre}3,${VPre}1)";
|
||||||
@ -266,7 +270,6 @@
|
|||||||
$hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array(
|
$hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array(
|
||||||
'action' => 'continue',
|
'action' => 'continue',
|
||||||
'fieldsep'=> $_POST['fieldsep'],
|
'fieldsep'=> $_POST['fieldsep'],
|
||||||
'csvfile' => $csvfile,
|
|
||||||
'charset' => $_POST['charset'],
|
'charset' => $_POST['charset'],
|
||||||
'start' => $_POST['start']+(!$_POST['debug'] ? $_POST['max'] : 0),
|
'start' => $_POST['start']+(!$_POST['debug'] ? $_POST['max'] : 0),
|
||||||
'max' => $_POST['max'],
|
'max' => $_POST['max'],
|
||||||
@ -419,8 +422,7 @@
|
|||||||
}
|
}
|
||||||
if (is_array($auto_fn)) // autocreate full name
|
if (is_array($auto_fn)) // autocreate full name
|
||||||
{
|
{
|
||||||
reset($auto_fn);
|
foreach($auto_fn as $name)
|
||||||
while (list($idx,$name) = each($auto_fn))
|
|
||||||
{
|
{
|
||||||
$values['fn'] .= ($values['fn'] != '' && $values[$name] != '' ? ' ' : '') . $values[$name];
|
$values['fn'] .= ($values['fn'] != '' && $values[$name] != '' ? ' ' : '') . $values[$name];
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user