issue: secure against external form submissions
diff --git
a/widget/reply.php
b/widget/reply.php
index 0935567e82ecb51ba2aeb4ff0a6717b50e313abe..0a0e4e55848f275380f7a3d97ef910382e0545e7 100644
(file)
--- a/
widget/reply.php
+++ b/
widget/reply.php
@@
-4,6
+4,7
@@
require_once 'database.inc.php';
$journalcol = [
'assign' => 'Toegewezen aan',
$journalcol = [
'assign' => 'Toegewezen aan',
+ 'subject' => 'Onderwerp',
];
if ($_POST) {
];
if ($_POST) {
@@
-17,7
+18,14
@@
if ($_POST) {
}
$target .= '/' . $User->login;
if ($result = userupload($_FILES['image'], $target)) {
}
$target .= '/' . $User->login;
if ($result = userupload($_FILES['image'], $target)) {
- $html .= sprintf('<p><img src="/thumb/640x/%s" /></p>', $result);
+ if (preg_match('(^image/)', $_FILES['image']['type'])) {
+ $html .= sprintf('<p><img src="/thumb/640x/%s" /></p>', $result);
+ }
+ else {
+ $html .= sprintf('<p>Bijgevoegd bestand: <a href="/%s" />%s</a></p>',
+ $result, basename($result)
+ );
+ }
}
}
$query = $Db->set('comments', [
}
}
$query = $Db->set('comments', [
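Review bot: The new branch `if (preg_match('(^image/)', $_FILES['image']['type']))` decides on the client-declared MIME type, which the submitter sets freely, so it says nothing about what was actually stored; for a commit titled "secure against external form submissions" that is the weakest possible signal. The consequence here is only a rendering choice, but the else branch now links any non-image upload directly at `/%s` on the site origin, and unless `userupload()` (outside this hunk) restricts content and extension, an uploaded HTML or SVG file served from the same origin becomes stored XSS; a server-side check such as `$isImage = preg_match('(^image/)', (string) mime_content_type($storedPath));` on the file `userupload()` wrote (its path is not visible here) would close that. In the same lines `$result` and `basename($result)` are printed unescaped and the anchor is written self-closing as `<a href="/%s" />%s</a>`, which is malformed; `sprintf('<p>Bijgevoegd bestand: <a href="/%s">%s</a></p>', htmlspecialchars($result), htmlspecialchars(basename($result)))` fixes both, with the same `htmlspecialchars($result)` applied on the `<img src>` line. The enclosing `if ($_POST)` block starts before this hunk and continues past it.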