diff options
| author | cassiopc <cassiopc@gmail.com> | 2012-10-25 09:25:31 +0000 |
|---|---|---|
| committer | cassiopc <cassiopc@gmail.com> | 2012-10-25 09:25:31 +0000 |
| commit | 04123f08ebfe7620273af4b71219afb21946494c (patch) | |
| tree | ff90710b0fe3427e60ae3ecf2858b803309bbe6a /boca-1.5.2/src/team/run.php | |
| parent | 8bd9922ca3841dbdf6210b75fcc9f2aa9de4e082 (diff) | |
| download | boca-04123f08ebfe7620273af4b71219afb21946494c.tar.gz boca-04123f08ebfe7620273af4b71219afb21946494c.zip | |
avoid namespaces in file names
Diffstat (limited to 'boca-1.5.2/src/team/run.php')
| -rw-r--r-- | boca-1.5.2/src/team/run.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/boca-1.5.2/src/team/run.php b/boca-1.5.2/src/team/run.php index 3879674..270a672 100644 --- a/boca-1.5.2/src/team/run.php +++ b/boca-1.5.2/src/team/run.php @@ -38,6 +38,10 @@ if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Su MSGError("File size exceeds the limit allowed."); ForceLoad($runteam); } + if(strpos($name,' ') === true || strpos($temp,' ') === true) { + MSGError("File name cannot contain spaces."); + ForceLoad($runteam); + } if (!is_uploaded_file($temp) || strlen($name)>100) { IntrusionNotify("file upload problem."); ForceLoad("../index.php"); |