Changeset 1648

Timestamp:

2008-02-28 10:51:35 (6 months ago)

Author:

wwalc

Message:

Fix for #1945 - sanitizing control characters in PHP.

Files:

• FCKeditor/trunk/editor/filemanager/connectors/php/io.php (modified) (4 diffs)

FCKeditor/trunk/editor/filemanager/connectors/php/io.php

@@ -151 +151 @@
 function GetRootPath()
 {
-    if (!isset($_SERVER)) {
-        global $_SERVER;
-    }
+        if (!isset($_SERVER)) {
+                global $_SERVER;
+        }
         $sRealPath = realpath( './' ) ;
 
@@ -224 +224 @@
 function GetCurrentFolder()
 {
-    if (!isset($_GET)) {
-        global $_GET;
-    }
+        if (!isset($_GET)) {
+                global $_GET;
+        }
         $sCurrentFolder = isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ;
 
         // Check the current folder syntax (must begin and start with a slash).
-        if ( ! ereg( '/$', $sCurrentFolder ) ) $sCurrentFolder .= '/' ;
-        if ( strpos( $sCurrentFolder, '/' ) !== 0 ) $sCurrentFolder = '/' . $sCurrentFolder ;
+        if ( !preg_match( '|/$|', $sCurrentFolder ) ) 
+                $sCurrentFolder .= '/' ;
+        if ( strpos( $sCurrentFolder, '/' ) !== 0 ) 
+                $sCurrentFolder = '/' . $sCurrentFolder ;
 
         // Ensure the folder path has no double-slashes
@@ -251 +253 @@
 
         // Remove . \ / | : ? * " < >
-        $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>/', '_', $sNewFolderName ) ;
+        $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
 
         return $sNewFolderName ;
@@ -268 +270 @@
 
         // Remove \ / | : ? * " < >
-        $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>/', '_', $sNewFileName ) ;
+        $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
 
         return $sNewFileName ;