security fix

This commit is contained in:
Ralf Becker 2003-11-08 21:09:12 +00:00
parent 40c128aa4d
commit 2683990b6b


@ -19,8 +19,20 @@
); );
include('../header.inc.php'); include('../header.inc.php');
if (isset($_FILES['csvfile']['tmp_name']))
{
$csvfile = $GLOBALS['phpgw_info']['server']['temp_dir'].'/addrbook_import_'.basename($csvfile);
$GLOBALS['phpgw']->session->appsession('csvfile','',$csvfile);
$_POST['action'] = move_uploaded_file($_FILES['csvfile']['tmp_name'],$csvfile) ?
'download' : '';
}
else
{
$csvfile = $GLOBALS['phpgw']->session->appsession('csvfile');
}
if ($_POST['cancel']) if ($_POST['cancel'])
{ {
@unlink($csvfile);
$GLOBALS['phpgw']->redirect_link('/addressbook/index.php'); $GLOBALS['phpgw']->redirect_link('/addressbook/index.php');
} }
$GLOBALS['phpgw_info']['flags']['app_header'] = lang('Import CSV-File into Addressbook'); $GLOBALS['phpgw_info']['flags']['app_header'] = lang('Import CSV-File into Addressbook');
@ -36,8 +48,6 @@
$GLOBALS['phpgw']->template->set_block('import','ffooter','ffooterhandle'); $GLOBALS['phpgw']->template->set_block('import','ffooter','ffooterhandle');
$GLOBALS['phpgw']->template->set_block('import','imported','importedhandle'); $GLOBALS['phpgw']->template->set_block('import','imported','importedhandle');
$csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
if(($_POST['action'] == 'download' || $_POST['action'] == 'continue') && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb')))) if(($_POST['action'] == 'download' || $_POST['action'] == 'continue') && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb'))))
{ {
$_POST['action'] = ''; $_POST['action'] = '';
@ -134,7 +144,6 @@
$GLOBALS['phpgw']->template->set_var('submit',lang('Import')); $GLOBALS['phpgw']->template->set_var('submit',lang('Import'));
$GLOBALS['phpgw']->template->set_var('csvfile',$csvfile); $GLOBALS['phpgw']->template->set_var('csvfile',$csvfile);
$GLOBALS['phpgw']->template->set_var('enctype','ENCTYPE="multipart/form-data"'); $GLOBALS['phpgw']->template->set_var('enctype','ENCTYPE="multipart/form-data"');
$hiddenvars .= '<input type="hidden" name="action" value="download">'."\n";
$GLOBALS['phpgw']->template->parse('filenamehandle','filename'); $GLOBALS['phpgw']->template->parse('filenamehandle','filename');
break; break;
@ -214,15 +223,10 @@
$GLOBALS['phpgw']->template->set_var('debug',get_var('debug',array('POST'),True)?' checked':''); $GLOBALS['phpgw']->template->set_var('debug',get_var('debug',array('POST'),True)?' checked':'');
$GLOBALS['phpgw']->template->parse('ffooterhandle','ffooter'); $GLOBALS['phpgw']->template->parse('ffooterhandle','ffooter');
fclose($fp); fclose($fp);
if ($_POST['action'] == 'download')
{
$old = $csvfile; $csvfile = $GLOBALS['phpgw_info']['server']['temp_dir'].'/addrbook_import_'.basename($csvfile);
rename($old,$csvfile);
}
$hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array( $hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array(
'action' => 'import', 'action' => 'import',
'fieldsep'=> $_POST['fieldsep'], 'fieldsep'=> $_POST['fieldsep'],
'csvfile' => $csvfile,
'charset' => $_POST['charset'] 'charset' => $_POST['charset']
)); ));
$mktime_lotus = "${PSep}0?([0-9]+)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*).*$ASep@mktime(${VPre}4,${VPre}5,${VPre}6,${VPre}2,${VPre}3,${VPre}1)"; $mktime_lotus = "${PSep}0?([0-9]+)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*).*$ASep@mktime(${VPre}4,${VPre}5,${VPre}6,${VPre}2,${VPre}3,${VPre}1)";
@ -266,7 +270,6 @@
$hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array( $hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array(
'action' => 'continue', 'action' => 'continue',
'fieldsep'=> $_POST['fieldsep'], 'fieldsep'=> $_POST['fieldsep'],
'csvfile' => $csvfile,
'charset' => $_POST['charset'], 'charset' => $_POST['charset'],
'start' => $_POST['start']+(!$_POST['debug'] ? $_POST['max'] : 0), 'start' => $_POST['start']+(!$_POST['debug'] ? $_POST['max'] : 0),
'max' => $_POST['max'], 'max' => $_POST['max'],
@ -419,8 +422,7 @@
} }
if (is_array($auto_fn)) // autocreate full name if (is_array($auto_fn)) // autocreate full name
{ {
reset($auto_fn); foreach($auto_fn as $name)
while (list($idx,$name) = each($auto_fn))
{ {
$values['fn'] .= ($values['fn'] != '' && $values[$name] != '' ? ' ' : '') . $values[$name]; $values['fn'] .= ($values['fn'] != '' && $values[$name] != '' ? ' ' : '') . $values[$name];
} }
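Review bot: In the first hunk, `basename($csvfile)` on the line that builds the temp path reads `$csvfile` before anything in the new `isset($_FILES[...])` branch assigns it, so unless register_globals still populates it the name collapses to `addrbook_import_` and every upload lands at the same path, letting concurrent imports overwrite each other's file. Even when it is populated, the file name still carries a request-supplied component; `basename()` stops traversal but not collisions between users. A server-chosen name avoids both: `$csvfile = tempnam($GLOBALS['phpgw_info']['server']['temp_dir'], 'addrbook_import_');` and let the following `move_uploaded_file()` overwrite that file; the cancel branch keeps working since it unlinks the session-stored path. The enclosing script starts before and continues after these hunks.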