# if ($debug) $doc = DOMDocument::load("/tmp/test.opml");
- if (is_file($_FILES['opml_file']['tmp_name'])) {
+ if ($_FILES['opml_file']['error'] != 0) {
+ print_error(T_sprintf("Upload failed with error code %d",
+ $_FILES['opml_file']['error']));
+ return;
+ }
+
+ $tmp_file = false;
+
+ if (is_uploaded_file($_FILES['opml_file']['tmp_name'])) {
+ $tmp_file = tempnam(CACHE_DIR . '/upload', 'opml');
+
+ $result = move_uploaded_file($_FILES['opml_file']['tmp_name'],
+ $tmp_file);
+
+ if (!$result) {
+ print_error(__("Unable to move uploaded file."));
+ return;
+ }
+ } else {
+ print_error(__('Error: please upload OPML file.'));
+ return;
+ }
+
+ if (is_file($tmp_file)) {
$doc = new DOMDocument();
- $doc->load($_FILES['opml_file']['tmp_name']);
+ $doc->load($tmp_file);
+ unlink($tmp_file);
} else if (!$doc) {
- print_error(__('Error: please upload OPML file.'));
+ print_error(__('Error: unable to find moved OPML file.'));
return;
}
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
- unlink(ICONS_DIR . "/$feed_id.ico");
+ @unlink(ICONS_DIR . "/$feed_id.ico");
}
return;
function uploadicon() {
header("Content-type: text/html");
- $icon_file = $_FILES['icon_file']['tmp_name'];
+ $tmp_file = false;
+
+ if (is_uploaded_file($_FILES['icon_file']['tmp_name'])) {
+ $tmp_file = tempnam(CACHE_DIR . '/upload', 'icon');
+
+ $result = move_uploaded_file($_FILES['icon_file']['tmp_name'],
+ $tmp_file);
+
+ if (!$result) {
+ return;
+ }
+ } else {
+ return;
+ }
+
+ $icon_file = $tmp_file;
$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
- unlink(ICONS_DIR . "/$feed_id.ico");
- move_uploaded_file($icon_file, ICONS_DIR . "/$feed_id.ico");
+ @unlink(ICONS_DIR . "/$feed_id.ico");
+ rename($icon_file, ICONS_DIR . "/$feed_id.ico");
$rc = 0;
} else {
$rc = 2;
$rc = 2;
}
+ @unlink($icon_file);
+
print "<script type=\"text/javascript\">";
print "parent.uploadIconHandler($rc);";
print "</script>";
}
function expire_cached_files($debug) {
- foreach (array("simplepie", "images", "export") as $dir) {
+ foreach (array("simplepie", "images", "export", "upload") as $dir) {
$cache_dir = CACHE_DIR . "/$dir";
if ($debug) _debug("Expiring $cache_dir");
array_push($errors, "Image cache is not writable (chmod -R 777 ".CACHE_DIR."/images)");
}
+ if (!is_writable(CACHE_DIR . "/upload")) {
+ array_push($errors, "Upload cache is not writable (chmod -R 777 ".CACHE_DIR."/upload)");
+ }
+
if (!is_writable(CACHE_DIR . "/export")) {
array_push($errors, "Data export cache is not writable (chmod -R 777 ".CACHE_DIR."/export)");
}
array_push($errors, "LOCK_DIRECTORY defined in config.php is not writable (chmod -R 777 ".LOCK_DIRECTORY.").\n");
}
- if (ini_get("open_basedir")) {
- array_push($errors, "PHP configuration option open_basedir is not supported. Please disable this in PHP settings file (php.ini).");
- }
-
if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
}
array_push($errors, "PHP version 5.3.0 or newer required.");
}
- if (ini_get("open_basedir")) {
- array_push($errors, "PHP configuration option open_basedir is not supported. Please disable this in PHP settings file (php.ini).");
- }
-
if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
}
$owner_uid = $_SESSION["uid"];
- if (is_file($_FILES['starred_file']['tmp_name'])) {
- $doc = json_decode(file_get_contents($_FILES['starred_file']['tmp_name']), true);
+ if ($_FILES['starred_file']['error'] != 0) {
+ print_error(T_sprintf("Upload failed with error code %d",
+ $_FILES['starred_file']['error']));
+ return;
+ }
+
+ $tmp_file = false;
+
+ if (is_uploaded_file($_FILES['starred_file']['tmp_name'])) {
+ $tmp_file = tempnam(CACHE_DIR . '/upload', 'starred');
+
+ $result = move_uploaded_file($_FILES['starred_file']['tmp_name'],
+ $tmp_file);
+
+ if (!$result) {
+ print_error(__("Unable to move uploaded file."));
+ return;
+ }
+ } else {
+ print_error(__('Error: please upload OPML file.'));
+ return;
+ }
+
+ if (is_file($tmp_file)) {
+ $doc = json_decode(file_get_contents($tmp_file), true);
+ unlink($tmp_file);
} else {
print_error(__('No file uploaded.'));
return;