Hi
Dne Thu, 4 Aug 2011 19:37:43 +0200
Dieter Adriaenssens <dieter.adriaenssens(a)gmail.com> napsal(a):
Just a question about the code :
$extension = $allowed[$_REQUEST['type']];
$valid_match = '/^[^\n\r]*\.' . $extension . '$/';
if (! preg_match($valid_match, $_REQUEST['filename'])) {
if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
/* Add extension */
$filename = 'dowload.' . $extension;
} else {
/* Filename is unsafe, discard it */
$filename = $_REQUEST['filename'] . '.' . $extension;
}
1) Shouldn't the two comments in the then/else be switched?
2) 'dowload', is this a typo?
Both fixed, thanks for spotting it.
--
Michal Čihař |
http://cihar.com |
http://phpmyadmin.cz