
Hi Dne Thu, 4 Aug 2011 19:37:43 +0200 Dieter Adriaenssens <dieter.adriaenssens@gmail.com> napsal(a):
Just a question about the code :
$extension = $allowed[$_REQUEST['type']]; $valid_match = '/^[^\n\r]*\.' . $extension . '$/'; if (! preg_match($valid_match, $_REQUEST['filename'])) { if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) { /* Add extension */ $filename = 'dowload.' . $extension; } else { /* Filename is unsafe, discard it */ $filename = $_REQUEST['filename'] . '.' . $extension; }
1) Shouldn't the two comments in the then/else be switched? 2) 'dowload', is this a typo?
Both fixed, thanks for spotting it. -- Michal Čihař | http://cihar.com | http://phpmyadmin.cz