From 5fe7ec44fb7cf5fb9b88101707dd2aa3f34a0db3 Mon Sep 17 00:00:00 2001
From: x2003bruneau <x2003bruneau@839d8a87-29fc-0310-9880-83ba4fa771e5>
Date: Sun, 24 Dec 2006 11:31:47 +0000
Subject: [PATCH] Test if the file is uploaded before processing it

git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1314 839d8a87-29fc-0310-9880-83ba4fa771e5
---
 modules/email.php            |  2 +-
 modules/profile.php          | 18 +++++++++++-------
 modules/xnetgrp/mail.inc.php |  2 +-
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/modules/email.php b/modules/email.php
index c053cfb..2f924bc 100644
--- a/modules/email.php
+++ b/modules/email.php
@@ -335,7 +335,7 @@ class EmailModule extends PLModule
                 if (!empty($bcc)) { $mymail->addBcc($bcc); }
                 if (!empty($to2)) { $mymail->addTo($to2); }
                 if (!empty($cc2)) { $mymail->addCc($cc2); }
-                if (isset($_FILES['uploaded'])) {
+                if (is_uploaded_file($_FILES['uploaded']['tmp_name'])) {
                     $mymail->addAttachment($_FILES['uploaded']['tmp_name'],
                                            $_FILES['uploaded']['type'],
                                            $_FILES['uploaded']['name']);  
diff --git a/modules/profile.php b/modules/profile.php
index 248a327..65f79cf 100644
--- a/modules/profile.php
+++ b/modules/profile.php
@@ -124,15 +124,19 @@ class ProfileModule extends PLModule
                     .'/'.S::v('forlife').'.jpg';
 
         if (Env::has('upload')) {
-            $file = isset($_FILES['userfile']['tmp_name'])
-                    ? $_FILES['userfile']['tmp_name']
-                    : Env::v('photo');
-            if ($data = file_get_contents($file)) {
-                if ($myphoto = new PhotoReq(S::v('uid'), $data)) {
+            if (isset($_FILES['userfile']['tmp_name']) 
+                    && !is_uploaded_file($_FILES['userfile']['tmp_name'])) {
+                $page->trig('Une erreur s\'est produite lors du transfert du fichier');
+            } else {
+                $file = is_uploaded_file($_FILES['userfile']['tmp_name'])
+                        ? $_FILES['userfile']['tmp_name']
+                        : Env::v('photo');
+                if ($data = file_get_contents($file)) {
+                    $myphoto = new PhotoReq(S::v('uid'), $data);
                     $myphoto->submit();
+                } else {
+                    $page->trig('Fichier inexistant ou vide');
                 }
-            } else {
-                $page->trig('Fichier inexistant ou vide');
             }
         } elseif (Env::has('trombi')) {
             $myphoto = new PhotoReq(S::v('uid'),
diff --git a/modules/xnetgrp/mail.inc.php b/modules/xnetgrp/mail.inc.php
index 646883c..6040e30 100644
--- a/modules/xnetgrp/mail.inc.php
+++ b/modules/xnetgrp/mail.inc.php
@@ -107,7 +107,7 @@ function send_xnet_mails($from, $sujet, $body, $tos, $replyto = null, $attach =
     $mailer = new PlMailer();
     $mailer->setSubject($sujet);
     $mailer->setFrom($from);
-    if (isset($attach)) {
+    if (is_uploaded_file($attach['tmp_name'])) {
         $mailer->addAttachment($attach['tmp_name'],
                                $attach['type'],
                                $attach['name']);
-- 
2.1.4