forked from extern/egroupware
possible security fix
This commit is contained in:
parent
240131cbec
commit
3ae8be8eee
@ -36,7 +36,9 @@
|
||||
$GLOBALS['phpgw']->template->set_block('import','ffooter','ffooterhandle');
|
||||
$GLOBALS['phpgw']->template->set_block('import','imported','importedhandle');
|
||||
|
||||
$csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
|
||||
// $csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
|
||||
// Possible fix for security issue.
|
||||
$csvfile = $_FILES['csvfile']['tmp_name'];
|
||||
|
||||
if(($_POST['action'] == 'download' || $_POST['action'] == 'continue') && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb'))))
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user