« on: September 08, 2007, 03:02:29 PM »
Detail: This for check variable and valid remote file use.
Find:
$remote_media_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_media_file'])));
$remote_thumb_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_thumb_file'])));
$image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
$image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));
replace:
$remote_media_file = (isset($HTTP_POST_VARS['remote_media_file']) && is_remote($HTTP_POST_VARS['remote_media_file'])) ? format_url(un_htmlspecialchars(trim((string)$HTTP_POST_VARS['remote_media_file']))) : "";
$remote_thumb_file = (isset($HTTP_POST_VARS['remote_thumb_file']) && is_remote($HTTP_POST_VARS['remote_thumb_file'])) ? format_url(un_htmlspecialchars(trim((string)$HTTP_POST_VARS['remote_thumb_file']))) : "";
$image_name = (isset($HTTP_POST_VARS['image_name']) && preg_match("/[A-Za-z0-9\-\_\.]/i", $HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['image_name'])) : "";
$image_description = (isset($HTTP_POST_VARS['image_description']) && preg_match("/[a-zA-Z0-9\.\,;:%&#@!\^-_~`\"'\[\]\{\}\*\/\?\(\)\n\r]/", $HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['image_description'])) : "";
$image_keywords = (isset($HTTP_POST_VARS['image_keywords'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['image_keywords'])) : "";
« Last Edit: August 27, 2011, 02:08:56 PM by thunderstrike »
Logged
8 steps need when ask question -
- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?
