116 die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_replace_protected') . '</p>'); |
116 die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_replace_protected') . '</p>'); |
117 } |
117 } |
118 |
118 |
119 $utime = time(); |
119 $utime = time(); |
120 |
120 |
121 $filename = $db->escape($filename); |
121 $filename = $db->escape(sanitize_page_id($filename)); |
122 $ext = substr($filename, strrpos($filename, '.'), strlen($filename)); |
122 $ext = substr($filename, strrpos($filename, '.'), strlen($filename)); |
123 $flen = filesize($file['tmp_name']); |
123 $flen = filesize($file['tmp_name']); |
124 |
124 |
125 $comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false)); |
125 $comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false)); |
126 $chartag = sha1(microtime()); |
126 $chartag = sha1(microtime()); |
217 } |
217 } |
218 else |
218 else |
219 { |
219 { |
220 $tid = ''; |
220 $tid = ''; |
221 } |
221 } |
222 $filename = $db->escape($filename); |
222 $filename = $db->escape(sanitize_page_id($filename)); |
|
223 |
223 $q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;'); |
224 $q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;'); |
224 if ( !$q ) |
225 if ( !$q ) |
225 { |
226 { |
226 $db->_die('The file data could not be selected.'); |
227 $db->_die('The file data could not be selected.'); |
227 } |
228 } |