function SaveAllFilesToRepository() { global $aFileVars, $FILE_REPOSITORY; if (!FILEUPLOADS || $FILE_REPOSITORY === "") { // // nothing to do // return true; } foreach ($aFileVars as $m_file_key => $a_upload) { // // One customer reported: // Possible file upload attack detected: name='' temp name='none' // on PHP 4.1.2 on RAQ4. // So, we now also test for "name". // if (!isset($a_upload["tmp_name"]) || empty($a_upload["tmp_name"]) || !isset($a_upload["name"]) || empty($a_upload["name"])) { continue; } if (isset($a_upload["in_repository"]) && $a_upload["in_repository"]) { // // already saved // continue; } if (!IsUploadedFile($a_upload)) { SendAlert(GetMessage(MSG_FILE_UPLOAD_ATTACK, array("NAME" => $a_upload["name"], "TEMP" => $a_upload["tmp_name"], "FLD" => $m_file_key))); continue; } if (!SaveFileInRepository($aFileVars[$m_file_key])) { return false; } // // Now the file has been saved in the repository, make // the field persistent through all further processing // (e.g. all movements in a multi-page form) // if (IsSetSession("FormSavedFiles")) { $a_saved_files = GetSession("FormSavedFiles"); } else { $a_saved_files = array(); } $a_saved_files["repository_" . $m_file_key] = $aFileVars[$m_file_key]; SetSession("FormSavedFiles", $a_saved_files); } return true; }
function SaveAllFilesToRepository() { global $aFileVars; if (!FILEUPLOADS || $FILE_REPOSITORY === "") { // // nothing to do // return true; } foreach ($aFileVars as $m_file_key => $a_upload) { // // One customer reported: // Possible file upload attack detected: name='' temp name='none' // on PHP 4.1.2 on RAQ4. // So, we now also test for 'name'. // if (!isset($a_upload['tmp_name']) || empty($a_upload['tmp_name']) || !isset($a_upload['name']) || empty($a_upload['name'])) { continue; } if (isset($a_upload['in_repository']) && $a_upload['in_repository']) { // // already saved // continue; } if (!IsUploadedFile($a_upload)) { SendAlert(GetMessage(MSG_FILE_UPLOAD_ATTACK, array("NAME" => $a_upload['name'], "TEMP" => $a_upload['tmp_name'], "FLD" => $m_file_key))); continue; } if (!SaveFileInRepository($aFileVars[$m_file_key])) { return false; } } return true; }