From 9aa628e64b9f67fc335efea39668f12bd411f0a8 Mon Sep 17 00:00:00 2001
From: Dougal Campbell <dougal@git.wordpress.org>
Date: Fri, 17 Oct 2003 19:26:05 +0000
Subject: [PATCH] Applying patches from otaku42: Fix two bugs in images
 uploads. Fix time_difference limitations.

git-svn-id: https://develop.svn.wordpress.org/trunk@456 602fd350-edb4-49c9-b593-d223f7449a82
---
 b2-include/b2functions.php      | 17 +++++++++++++++++
 wp-admin/b2upload.php           | 14 ++++++++------
 wp-admin/upgrade-071-to-072.php |  6 +++---
 wp-admin/wp-edit.form.php       |  6 ++++--
 wp-admin/wp-install.php         |  6 +++---
 5 files changed, 35 insertions(+), 14 deletions(-)

diff --git a/b2-include/b2functions.php b/b2-include/b2functions.php
index dacfabbedc..bea388e43f 100644
--- a/b2-include/b2functions.php
+++ b/b2-include/b2functions.php
@@ -1284,4 +1284,21 @@ function pingGeoURL($blog_ID) {
     getRemoteFile($host,$path); 
 }
 
+
+// implementation of in_array that also should work on PHP3
+if (!function_exists('in_array')) {
+
+	function in_array($needle, $haystack) {
+	    $needle = strtolower($needle);
+	    
+	    for ($i = 0; $i < count($haystack); $i++) {
+		if (strtolower($haystack[$i]) == $needle) {
+		    return true;
+		}
+	    }
+	
+	    return false;
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/wp-admin/b2upload.php b/wp-admin/b2upload.php
index 09e70d1ef2..7543bb20a0 100644
--- a/wp-admin/b2upload.php
+++ b/wp-admin/b2upload.php
@@ -10,6 +10,8 @@ die ("Cheatin' uh ?");
 if (!$use_fileupload) //Checks if file upload is enabled in the config
 die ("The admin disabled this function");
 
+$allowed_types = explode(" ", trim($fileupload_allowedtypes));
+
 ?><html>
 <head>
 <title>WordPress :: upload images/files</title>
@@ -92,9 +94,8 @@ function targetopener(blah, closeme, closeonly) {
 <?php
 
 if (!$HTTP_POST_VARS["submit"]) {
-	$i = explode(" ",$fileupload_allowedtypes);
-	$i = implode(", ",array_slice($i, 1, count($i)-2));
-	?>
+	$i = implode(", ", $allowed_types);
+?>
 	<p><strong>File upload</strong></p>
 	<p>You can upload files of type:<br /><em><?php echo $i ?></em></p>
 	<p>The maximum size of the file should be:<br /><em><?php echo $fileupload_maxk ?> KB</em></p>
@@ -135,9 +136,9 @@ if (!empty($HTTP_POST_VARS)) { //$img1_name != "") {
 	$imgdesc = str_replace('"', '&amp;quot;', $HTTP_POST_VARS['imgdesc']);
 
 	$imgtype = explode(".",$img1_name);
-	$imgtype = " ".$imgtype[count($imgtype)-1]." ";
+	$imgtype = $imgtype[count($imgtype)-1];
 
-	if (!ereg(strtolower($imgtype), strtolower($fileupload_allowedtypes))) {
+	if (in_array($imgtype, $allowed_types) == false) {
 	    die("File $img1_name of type $imgtype is not allowed.");
 	}
 
@@ -187,6 +188,7 @@ if (!empty($HTTP_POST_VARS)) { //$img1_name != "") {
 	<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $fileupload_maxk*1024 ?>" />
 	<input type="hidden" name="img1_type" value="<?php echo $img1_type;?>" />
 	<input type="hidden" name="img1_name" value="<?php echo $img2_name;?>" />
+	<input type="hidden" name="img1_size" value="<?php echo $img1_size;?>" />
 	<input type="hidden" name="img1" value="<?php echo $pathtofile2;?>" />
 	Alternate name:<br /><input type="text" name="imgalt" size="30" class="uploadform" value="<?php echo $img2_name;?>" /><br />
 	<br />
@@ -263,4 +265,4 @@ type:
 
 </body>
 
-</html>
\ No newline at end of file
+</html>
diff --git a/wp-admin/upgrade-071-to-072.php b/wp-admin/upgrade-071-to-072.php
index 8e89409efa..79abdcb2df 100644
--- a/wp-admin/upgrade-071-to-072.php
+++ b/wp-admin/upgrade-071-to-072.php
@@ -427,10 +427,10 @@ $option_data = array(
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(31,'use_fileupload', 2, '0', 'set this to false to disable file upload, or true to enable it', 8, 20)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(32,'fileupload_realpath', 3, '/home/your/site/wordpress/images', 'enter the real path of the directory where you\'ll upload the pictures \nif you\'re unsure about what your real path is, please ask your host\'s support staff \nnote that the  directory must be writable by the webserver (chmod 766) \nnote for windows-servers users: use forwardslashes instead of backslashes', 8, 40)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(33,'fileupload_url', 3, 'http://example.com/images', 'enter the URL of that directory (it\'s used to generate the links to the uploded files)', 8, 40)",
-"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(34,'fileupload_allowedtypes', 3, ' jpg gif png ', 'accepted file types, you can add to that list if you want. note: add a space before and after each file type. example: \' jpg gif png \'', 8, 20)",
+"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(34,'fileupload_allowedtypes', 3, ' jpg gif png ', 'accepted file types, separated by spaces. example: \'jpg gif png\'', 8, 20)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(35,'fileupload_maxk', 1, '96', 'by default, most servers limit the size of uploads to 2048 KB, if you want to set it to a lower value, here it is (you cannot set a higher value than your server limit)', 8, 20)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(36,'fileupload_minlevel', 1, '1', 'you may not want all users to upload pictures/files, so you can set a minimum level for this', 8, 20)",
-"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(37,'fileupload_allowedusers', 3, '', '...or you may authorize only some users. enter their logins here, separated by spaces if you leave that variable blank, all users who have the minimum level are authorized to upload note: add a space before and after each login name example: \' barbara anne \'', 8, 30)",
+"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(37,'fileupload_allowedusers', 3, '', '...or you may authorize only some users. enter their logins here, separated by spaces. if you leave this variable blank, all users who have the minimum level are authorized to upload. example: \'barbara anne george\'', 8, 30)",
 // email settings
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(38,'mailserver_url', 3, 'mail.example.com', 'mailserver settings', 8, 20)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(39,'mailserver_login', 3, 'login@example.com', 'mailserver settings', 8, 20)",
@@ -526,7 +526,7 @@ $option_data = array(
 "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (50, 'monthly',   'monthly',     null,null,3)",
 "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (50, 'postbypost','post by post',null,null,4)",
 // select data for time diff
-"INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (51, null, null, 13, -13, null)",
+"INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (51, 'hours', 'hours', 23, -23, null)",
 // select data for start of week
 "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (9, '0', 'Sunday',   null,null,1)",
 "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (9, '1', 'Monday',   null,null,2)",
diff --git a/wp-admin/wp-edit.form.php b/wp-admin/wp-edit.form.php
index 98f37b4ec4..ae46394267 100644
--- a/wp-admin/wp-edit.form.php
+++ b/wp-admin/wp-edit.form.php
@@ -3,6 +3,8 @@
 <div class="wrap">
 <?php
 
+$allowed_users = explode(" ", trim($fileupload_allowedusers));
+
 function selected($selected, $current) {
 	if ($selected == $current) echo ' selected="selected"';
 }
@@ -206,7 +208,7 @@ if (get_settings('use_geo_positions')) {
 <p><input type="submit" name="submit" value="<?php echo $submitbutton_text ?>" class="search" style="font-weight: bold;" tabindex="6" /></p>
 
 
-<?php if ( ($use_fileupload) && ($user_level >= $fileupload_minlevel) && ((ereg(" ".$user_login." ", $fileupload_allowedusers)) || (trim($fileupload_allowedusers)=="")) ) { ?>
+<?php if ( ($use_fileupload) && ($user_level >= $fileupload_minlevel) && (in_array($user_login, $allowed_users) || (trim($fileupload_allowedusers)=="")) ) { ?>
 <input type="button" value="upload a file/image" onclick="launchupload();" class="search"  tabindex="10" />
 <?php }
 
@@ -222,4 +224,4 @@ if ('edit' == $action) echo "
 ?>
 
 </form>
-</div>
\ No newline at end of file
+</div>
diff --git a/wp-admin/wp-install.php b/wp-admin/wp-install.php
index 82646885ee..a2a668ee61 100644
--- a/wp-admin/wp-install.php
+++ b/wp-admin/wp-install.php
@@ -406,10 +406,10 @@ $option_data = array(
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(31,'use_fileupload', 2, '0', 'set this to false to disable file upload, or true to enable it', 8, 20)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(32,'fileupload_realpath', 3, '/home/your/site/wordpress/images', 'enter the real path of the directory where you\'ll upload the pictures \nif you\'re unsure about what your real path is, please ask your host\'s support staff \nnote that the  directory must be writable by the webserver (chmod 766) \nnote for windows-servers users: use forwardslashes instead of backslashes', 8, 40)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(33,'fileupload_url', 3, 'http://example.com/images', 'enter the URL of that directory (it\'s used to generate the links to the uploded files)', 8, 40)",
-"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(34,'fileupload_allowedtypes', 3, ' jpg gif png ', 'accepted file types, you can add to that list if you want. note: add a space before and after each file type. example: \' jpg gif png \'', 8, 20)",
+"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(34,'fileupload_allowedtypes', 3, 'jpg gif png', 'accepted file types, separated by spaces. example: \'jpg gif png\'', 8, 20)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(35,'fileupload_maxk', 1, '96', 'by default, most servers limit the size of uploads to 2048 KB, if you want to set it to a lower value, here it is (you cannot set a higher value than your server limit)', 8, 20)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(36,'fileupload_minlevel', 1, '1', 'you may not want all users to upload pictures/files, so you can set a minimum level for this', 8, 20)",
-"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(37,'fileupload_allowedusers', 3, '', '...or you may authorize only some users. enter their logins here, separated by spaces if you leave that variable blank, all users who have the minimum level are authorized to upload note: add a space before and after each login name example: \' barbara anne \'', 8, 30)",
+"INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(37,'fileupload_allowedusers', 3, '', '...or you may authorize only some users. enter their logins here, separated by spaces. if you leave this variable blank, all users who have the minimum level are authorized to upload. example: \'barbara anne george\'', 8, 30)",
 // email settings
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(38,'mailserver_url', 3, 'mail.example.com', 'mailserver settings', 8, 20)",
 "INSERT INTO $tableoptions (option_id, option_name, option_type, option_value, option_description, option_admin_level, option_width) VALUES(39,'mailserver_login', 3, 'login@example.com', 'mailserver settings', 8, 20)",
@@ -505,7 +505,7 @@ $option_data = array(
 "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (50, 'monthly',   'monthly',     null,null,3)",
 "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (50, 'postbypost','post by post',null,null,4)",
 // select data for time diff
-"INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (51, null, null, 13, -13, null)",
+"INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (51, 'hours', 'hours', 23, -23, null)",
 // select data for start of week
 "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (9, '0', 'Sunday',   null,null,1)",
 "INSERT INTO $tableoptionvalues (option_id, optionvalue, optionvalue_desc, optionvalue_max, optionvalue_min, optionvalue_seq) VALUES (9, '1', 'Monday',   null,null,2)",