diff --git a/b2-include/b2functions.php b/b2-include/b2functions.php index dacfabbedc..bea388e43f 100644 --- a/b2-include/b2functions.php +++ b/b2-include/b2functions.php @@ -1284,4 +1284,21 @@ function pingGeoURL($blog_ID) { getRemoteFile($host,$path); } + +// implementation of in_array that also should work on PHP3 +if (!function_exists('in_array')) { + + function in_array($needle, $haystack) { + $needle = strtolower($needle); + + for ($i = 0; $i < count($haystack); $i++) { + if (strtolower($haystack[$i]) == $needle) { + return true; + } + } + + return false; + } +} + ?> \ No newline at end of file diff --git a/wp-admin/b2upload.php b/wp-admin/b2upload.php index 09e70d1ef2..7543bb20a0 100644 --- a/wp-admin/b2upload.php +++ b/wp-admin/b2upload.php @@ -10,6 +10,8 @@ die ("Cheatin' uh ?"); if (!$use_fileupload) //Checks if file upload is enabled in the config die ("The admin disabled this function"); +$allowed_types = explode(" ", trim($fileupload_allowedtypes)); + ?> WordPress :: upload images/files @@ -92,9 +94,8 @@ function targetopener(blah, closeme, closeonly) { + $i = implode(", ", $allowed_types); +?>

File upload

You can upload files of type:

The maximum size of the file should be:
KB

@@ -135,9 +136,9 @@ if (!empty($HTTP_POST_VARS)) { //$img1_name != "") { $imgdesc = str_replace('"', '&quot;', $HTTP_POST_VARS['imgdesc']); $imgtype = explode(".",$img1_name); - $imgtype = " ".$imgtype[count($imgtype)-1]." "; + $imgtype = $imgtype[count($imgtype)-1]; - if (!ereg(strtolower($imgtype), strtolower($fileupload_allowedtypes))) { + if (in_array($imgtype, $allowed_types) == false) { die("File $img1_name of type $imgtype is not allowed."); } @@ -187,6 +188,7 @@ if (!empty($HTTP_POST_VARS)) { //$img1_name != "") { + Alternate name:


@@ -263,4 +265,4 @@ type: - \ No newline at end of file + diff --git a/wp-admin/upgrade-071-to-072.php b/wp-admin/upgrade-071-to-072.php index 8e89409efa..79abdcb2df 100644 --- a/wp-admin/upgrade-071-to-072.php +++ b/wp-admin/upgrade-071-to-072.php @@ -427,10 +427,10 @@ $option_data = array( "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(31,'use_fileupload', 2, '0', 'set this to false to disable file upload, or true to enable it', 8, 20)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(32,'fileupload_realpath', 3, '/home/your/site/wordpress/images', 'enter the real path of the directory where you\'ll upload the pictures \nif you\'re unsure about what your real path is, please ask your host\'s support staff \nnote that the directory must be writable by the webserver (chmod 766) \nnote for windows-servers users: use forwardslashes instead of backslashes', 8, 40)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(33,'fileupload_url', 3, 'http://example.com/images', 'enter the URL of that directory (it\'s used to generate the links to the uploded files)', 8, 40)", -"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(34,'fileupload_allowedtypes', 3, ' jpg gif png ', 'accepted file types, you can add to that list if you want. note: add a space before and after each file type. example: \' jpg gif png \'', 8, 20)", +"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(34,'fileupload_allowedtypes', 3, ' jpg gif png ', 'accepted file types, separated by spaces. example: \'jpg gif png\'', 8, 20)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(35,'fileupload_maxk', 1, '96', 'by default, most servers limit the size of uploads to 2048 KB, if you want to set it to a lower value, here it is (you cannot set a higher value than your server limit)', 8, 20)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(36,'fileupload_minlevel', 1, '1', 'you may not want all users to upload pictures/files, so you can set a minimum level for this', 8, 20)", -"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(37,'fileupload_allowedusers', 3, '', '...or you may authorize only some users. enter their logins here, separated by spaces if you leave that variable blank, all users who have the minimum level are authorized to upload note: add a space before and after each login name example: \' barbara anne \'', 8, 30)", +"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(37,'fileupload_allowedusers', 3, '', '...or you may authorize only some users. enter their logins here, separated by spaces. if you leave this variable blank, all users who have the minimum level are authorized to upload. example: \'barbara anne george\'', 8, 30)", // email settings "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(38,'mailserver_url', 3, 'mail.example.com', 'mailserver settings', 8, 20)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(39,'mailserver_login', 3, 'login@example.com', 'mailserver settings', 8, 20)", @@ -526,7 +526,7 @@ $option_data = array( "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (50, 'monthly', 'monthly', null,null,3)", "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (50, 'postbypost','post by post',null,null,4)", // select data for time diff -"INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (51, null, null, 13, -13, null)", +"INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (51, 'hours', 'hours', 23, -23, null)", // select data for start of week "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (9, '0', 'Sunday', null,null,1)", "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (9, '1', 'Monday', null,null,2)", diff --git a/wp-admin/wp-edit.form.php b/wp-admin/wp-edit.form.php index 98f37b4ec4..ae46394267 100644 --- a/wp-admin/wp-edit.form.php +++ b/wp-admin/wp-edit.form.php @@ -3,6 +3,8 @@

-= $fileupload_minlevel) && ((ereg(" ".$user_login." ", $fileupload_allowedusers)) || (trim($fileupload_allowedusers)=="")) ) { ?> += $fileupload_minlevel) && (in_array($user_login, $allowed_users) || (trim($fileupload_allowedusers)=="")) ) { ?> -
\ No newline at end of file + diff --git a/wp-admin/wp-install.php b/wp-admin/wp-install.php index 82646885ee..a2a668ee61 100644 --- a/wp-admin/wp-install.php +++ b/wp-admin/wp-install.php @@ -406,10 +406,10 @@ $option_data = array( "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(31,'use_fileupload', 2, '0', 'set this to false to disable file upload, or true to enable it', 8, 20)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(32,'fileupload_realpath', 3, '/home/your/site/wordpress/images', 'enter the real path of the directory where you\'ll upload the pictures \nif you\'re unsure about what your real path is, please ask your host\'s support staff \nnote that the directory must be writable by the webserver (chmod 766) \nnote for windows-servers users: use forwardslashes instead of backslashes', 8, 40)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(33,'fileupload_url', 3, 'http://example.com/images', 'enter the URL of that directory (it\'s used to generate the links to the uploded files)', 8, 40)", -"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(34,'fileupload_allowedtypes', 3, ' jpg gif png ', 'accepted file types, you can add to that list if you want. note: add a space before and after each file type. example: \' jpg gif png \'', 8, 20)", +"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(34,'fileupload_allowedtypes', 3, 'jpg gif png', 'accepted file types, separated by spaces. example: \'jpg gif png\'', 8, 20)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(35,'fileupload_maxk', 1, '96', 'by default, most servers limit the size of uploads to 2048 KB, if you want to set it to a lower value, here it is (you cannot set a higher value than your server limit)', 8, 20)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(36,'fileupload_minlevel', 1, '1', 'you may not want all users to upload pictures/files, so you can set a minimum level for this', 8, 20)", -"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(37,'fileupload_allowedusers', 3, '', '...or you may authorize only some users. enter their logins here, separated by spaces if you leave that variable blank, all users who have the minimum level are authorized to upload note: add a space before and after each login name example: \' barbara anne \'', 8, 30)", +"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(37,'fileupload_allowedusers', 3, '', '...or you may authorize only some users. enter their logins here, separated by spaces. if you leave this variable blank, all users who have the minimum level are authorized to upload. example: \'barbara anne george\'', 8, 30)", // email settings "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(38,'mailserver_url', 3, 'mail.example.com', 'mailserver settings', 8, 20)", "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(39,'mailserver_login', 3, 'login@example.com', 'mailserver settings', 8, 20)", @@ -505,7 +505,7 @@ $option_data = array( "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (50, 'monthly', 'monthly', null,null,3)", "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (50, 'postbypost','post by post',null,null,4)", // select data for time diff -"INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (51, null, null, 13, -13, null)", +"INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (51, 'hours', 'hours', 23, -23, null)", // select data for start of week "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (9, '0', 'Sunday', null,null,1)", "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (9, '1', 'Monday', null,null,2)",