[pkg-horde] [SCM] Debian Horde Packages repository: horde3 package branch, debian-etch, updated. 0a71866537d0bd896fda156ba83be746483714a4
Gregory Colpart
gcolpart at ioakim2.evolix.net
Tue Sep 22 22:27:34 UTC 2009
The following commit has been merged in the debian-etch branch:
commit 0a71866537d0bd896fda156ba83be746483714a4
Author: Gregory Colpart <gcolpart at ioakim2.evolix.net>
Date: Wed Sep 23 00:23:44 2009 +0200
Backport security patch from Horde upstream
diff --git a/lib/Horde/Form.php b/lib/Horde/Form.php
index 7634286..89a6e26 100644
--- a/lib/Horde/Form.php
+++ b/lib/Horde/Form.php
@@ -1516,7 +1516,14 @@ class Horde_Form_Type_image extends Horde_Form_Type {
*
* @var array
*/
- var $_img = array();
+ var $_img;
+
+ /**
+ * A random id that identifies the image information in the session data.
+ *
+ * @var string
+ */
+ var $_random;
function init($show_upload = true, $show_keeporig = false)
{
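Review bot: The docblock above `var $_img;` still says `@var array`, but with the `array()` initializer dropped the property is now unset until an image is loaded, and getImage() later in the file relies on `isset($this->_img)` to detect exactly that; `@var array|null` plus a sentence that the image data lives under the `img` key would match the new contract. The `$_random` docblock could likewise say it is assigned lazily by getRandomId(). The init() signature that follows continues outside the hunk.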
@@ -1527,7 +1534,7 @@ class Horde_Form_Type_image extends Horde_Form_Type {
function onSubmit(&$var, &$vars)
{
/* Get the upload. */
- $this->_getUpload($vars, $var);
+ $this->getImage($vars, $var);
/* If this was done through the upload button override the submitted
* value of the form. */
@@ -1538,25 +1545,24 @@ class Horde_Form_Type_image extends Horde_Form_Type {
function isValid(&$var, &$vars, $value, &$message)
{
- $field = $vars->get($var->getVarName());
-
/* Get the upload. */
- $this->_getUpload($vars, $var);
+ $this->getImage($vars, $var);
+ $field = $vars->get($var->getVarName());
/* The upload generated a PEAR Error. */
if (is_a($this->_uploaded, 'PEAR_Error')) {
/* Not required and no image upload attempted. */
- if (!$var->isRequired() && empty($field['img']) &&
+ if (!$var->isRequired() && empty($field['hash']) &&
$this->_uploaded->getCode() == 4) {
return true;
}
if (($this->_uploaded->getCode() == UPLOAD_ERR_NO_FILE) &&
- empty($field['img'])) {
+ empty($field['hash'])) {
/* Nothing uploaded and no older upload. */
$message = _("This field is required.");
return false;
- } elseif (!empty($field['img'])) {
+ } elseif (!empty($field['hash'])) {
/* Nothing uploaded but older upload present. */
return true;
} else {
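Review bot: The `elseif (!empty($field['hash']))` branch declares the field valid on the strength of a client-supplied hidden value alone, after getImage() has already resolved (and _getUpload() consumed) the matching session entry into `$this->_img['img']`; a form posting a stale or made-up hash therefore passes validation with no image behind it. Deciding from the server-side state instead, `empty($this->_img['img'])` in the two guards and `!empty($this->_img['img'])` in the `elseif`, closes that gap. The hard-coded `4` on the unchanged line is the same value as `UPLOAD_ERR_NO_FILE` used a few lines below and could use the symbolic name. isValid's body continues outside the hunk.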
@@ -1572,11 +1578,11 @@ class Horde_Form_Type_image extends Horde_Form_Type {
function getInfo(&$vars, &$var, &$info)
{
/* Get the upload. */
- $this->_getUpload($vars, $var);
+ $this->getImage($vars, $var);
/* Get image params stored in the hidden field. */
$value = $var->getValue($vars);
- $info = $this->_img;
+ $info = $this->_img['img'];
if (empty($info['file'])) {
unset($info['file']);
return;
@@ -1631,7 +1637,7 @@ class Horde_Form_Type_image extends Horde_Form_Type {
if ($this->_uploaded === true) {
/* A file has been uploaded on this submit. Save to temp dir for
* preview work. */
- $this->_img['type'] = $this->getUploadedFileType($varname . '[new]');
+ $this->_img['img']['type'] = $this->getUploadedFileType($varname . '[new]');
/* Get the other parts of the upload. */
require_once 'Horde/Array.php';
@@ -1639,19 +1645,22 @@ class Horde_Form_Type_image extends Horde_Form_Type {
/* Get the temporary file name. */
$keys_path = array_merge(array($base, 'tmp_name'), $keys);
- $this->_img['file'] = Horde_Array::getElement($_FILES, $keys_path);
+ $this->_img['img']['file'] = Horde_Array::getElement($_FILES, $keys_path);
/* Get the actual file name. */
$keys_path= array_merge(array($base, 'name'), $keys);
- $this->_img['name'] = Horde_Array::getElement($_FILES, $keys_path);
+ $this->_img['img']['name'] = Horde_Array::getElement($_FILES, $keys_path);
/* Get the file size. */
$keys_path= array_merge(array($base, 'size'), $keys);
- $this->_img['size'] = Horde_Array::getElement($_FILES, $keys_path);
+ $this->_img['img']['size'] = Horde_Array::getElement($_FILES, $keys_path);
/* Get any existing values for the image upload field. */
$upload = $vars->get($var->getVarName());
- $upload['img'] = @unserialize($upload['img']);
+ if (!empty($upload['hash'])) {
+ $upload['img'] = $_SESSION['horde_form'][$upload['hash']];
+ unset($_SESSION['horde_form'][$upload['hash']]);
+ }
/* Get the temp file if already one uploaded, otherwise create a
* new temporary file. */
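Review bot: `$_SESSION['horde_form'][$upload['hash']]` is read and unset without checking that the key exists, unlike the equivalent lookup in the `elseif` branch of the next hunk, and `hash` comes straight from the submitted form, so `!empty()` also lets a non-string value (a `hash[]` field) through into an array offset. Both sites should guard with `!empty($upload['hash']) && is_string($upload['hash']) && isset($_SESSION['horde_form'][$upload['hash']])` before touching the entry. The enclosing function starts before this hunk.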
@@ -1662,17 +1671,16 @@ class Horde_Form_Type_image extends Horde_Form_Type {
}
/* Move the browser created temp file to the new temp file. */
- move_uploaded_file($this->_img['file'], $tmp_file);
- $this->_img['file'] = basename($tmp_file);
-
- /* Store the uploaded image file data to the hidden field. */
- $upload['img'] = serialize($this->_img);
- $vars->set($var->getVarName(), $upload);
+ move_uploaded_file($this->_img['img']['file'], $tmp_file);
+ $this->_img['img']['file'] = basename($tmp_file);
} elseif ($this->_uploaded) {
/* File has not been uploaded. */
$upload = $vars->get($var->getVarName());
- if ($this->_uploaded->getCode() == 4 && !empty($upload['img'])) {
- $this->_img = @unserialize($upload['img']);
+ if ($this->_uploaded->getCode() == 4 &&
+ !empty($upload['hash']) &&
+ isset($_SESSION['horde_form'][$upload['hash']])) {
+ $this->_img['img'] = $_SESSION['horde_form'][$upload['hash']];
+ unset($_SESSION['horde_form'][$upload['hash']]);
}
}
}
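Review bot: After the `isset(...)` branch unsets the session entry nothing in this hunk stores `$this->_img['img']` again, and getImage() later in the file only writes to `$_SESSION['horde_form']` when `$this->_img` was still unset, so when the form is re-rendered after a failed validation the hidden `hash` the renderer emits may no longer match any session entry — verify against the code outside the hunk before relying on that round trip. `$this->_uploaded->getCode() == 4` should read `UPLOAD_ERR_NO_FILE`, as isValid() already does on its unchanged line. The enclosing function starts before this hunk.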
@@ -1725,6 +1733,27 @@ class Horde_Form_Type_image extends Horde_Form_Type {
}
/**
+ * Returns the current image information.
+ *
+ * @return array The current image hash.
+ */
+ function getImage($vars, $var)
+ {
+ $this->_getUpload($vars, $var);
+ if (!isset($this->_img)) {
+ $image = $vars->get($var->getVarName());
+ if ($image) {
+ $this->loadImageData($image);
+ if (isset($image['img'])) {
+ $this->_img = $image;
+ $_SESSION['horde_form'][$this->getRandomId()] = $this->_img['img'];
+ }
+ }
+ }
+ return $this->_img;
+ }
+
+ /**
* Loads any existing image data into the image field. Requires that the
* array $image passed to it contains the structure:
* $image['load']['file'] - the filename of the image;
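Review bot: getImage() takes `$image` from `$vars->get()`, i.e. the submitted form data, and adopts it wholesale as `$this->_img` whenever an `img` key is present after loadImageData(); unless loadImageData() discards a pre-existing `img` entry, a client posting `varname[img][file]` could still supply the file path that the move from serialize() to a session-side hash is meant to keep server-side. Clearing it first, `unset($image['img']);` before the `loadImageData()` call, limits what is accepted to what loadImageData() builds from `$image['load']`. The docblock should also name the `$vars`/`$var` parameters and describe the return as the `_img` array (data under `img`) or null when no image is known, rather than "the current image hash". The renderer previously called `_loadImageData()`, so confirm the definition outside the hunk carries the new name.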
@@ -1748,10 +1777,18 @@ class Horde_Form_Type_image extends Horde_Form_Type {
fclose($fd);
}
- $image['img'] = serialize(array('file' => $image['load']['file']));
+ $image['img'] = array('file' => $image['load']['file']);
unset($image['load']);
}
+ function getRandomId()
+ {
+ if (!isset($this->_random)) {
+ $this->_random = uniqid(mt_rand());
+ }
+ return $this->_random;
+ }
+
/**
* Return info about field type.
*/
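Review bot: getRandomId() has no docblock, and the one thing a reader needs to know is that `uniqid(mt_rand())` is not a cryptographic identifier: it is adequate as a key into the caller's own `$_SESSION['horde_form']` bucket but must not later be treated as a secret or as proof of anything. A header such as `/** Lazily creates the id under which this field's image data is kept in $_SESSION['horde_form']; not cryptographically random, only meant to disambiguate entries within one session. @return string */` states that. Entries written by getImage() for forms that are rendered but never submitted are not removed anywhere visible here, so the bucket can grow across a session — worth noting if pruning happens elsewhere. The function ending above getRandomId() starts before this hunk.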
diff --git a/lib/Horde/UI/VarRenderer/html.php b/lib/Horde/UI/VarRenderer/html.php
index 2445f80..656e864 100644
--- a/lib/Horde/UI/VarRenderer/html.php
+++ b/lib/Horde/UI/VarRenderer/html.php
@@ -145,10 +145,7 @@ class Horde_UI_VarRenderer_html extends Horde_UI_VarRenderer {
function _renderVarInput_image(&$form, &$var, &$vars)
{
$varname = htmlspecialchars($var->getVarName());
- $image = $var->getValue($vars);
-
- /* Check if existing image data is being loaded. */
- $var->type->_loadImageData($image);
+ $image = $var->type->getImage($vars, $var);
Horde::addScriptFile('image.js', 'horde', true);
$graphics_dir = $GLOBALS['registry']->getImageDir('horde');
@@ -158,13 +155,11 @@ class Horde_UI_VarRenderer_html extends Horde_UI_VarRenderer {
/* Check if there is existing img information stored. */
if (isset($image['img'])) {
- /* Hidden tag to store the preview image filename. */
+ /* Hidden tag to store the preview image id. */
$html = sprintf('<input type="hidden" name="%s" id="%s" value="%s" />',
- $varname . '[img]',
- $varname . '[img]',
- @htmlspecialchars($image['img'], ENT_QUOTES, $this->_charset));
- /* Unserialize the img information to get the full array. */
- $image['img'] = @unserialize($image['img']);
+ $varname . '[hash]',
+ $varname . '[hash]',
+ $var->type->getRandomId());
}
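Review bot: The hidden input's `value` is written with `$var->type->getRandomId()` unescaped, whereas the line it replaces ran the value through `htmlspecialchars()`; the id is digits and hex from uniqid() today, so the markup is intact, but output into an attribute should stay escaped so a later change to getRandomId() cannot break it: `htmlspecialchars($var->type->getRandomId(), ENT_QUOTES, $this->_charset)`. _renderVarInput_image continues outside the hunk.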
/* Output the input tag. */