From 616fb0281ba4bd2339accc47c0a94f7034c61a1a Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Thu, 22 Apr 2010 16:52:18 -0500
Subject: reapplied strtolower() to ->file_type from philsturgeon's changeset
5fe3b04bdf44 to standardize input
---
system/libraries/Upload.php | 2 +-
user_guide/changelog.html | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 751044968..3227c3747 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -190,7 +190,7 @@ class CI_Upload {
$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
$this->file_size = $_FILES[$field]['size'];
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
- $this->file_type = trim(stripslashes($this->file_type), '"');
+ $this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
$this->file_ext = $this->get_extension($_FILES[$field]['name']);
// Convert the file size to kilobytes
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 21b60ace8..6eb036096 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -94,6 +94,7 @@ Hg Tag:
Added a $xss_clean class variable to the XMLRPC library, enabling control over the use of the Security library's xss_clean() method.
Added a download() method to the FTP library
Changed do_xss_clean() to return FALSE if the uploaded file fails XSS checks.
+ Added stripslashes() and trim()ing of double quotes from $_FILES type value to standardize input.
Database
--
cgit v1.2.3-24-g4f1b