includes/functions.php
changeset 720 e2762777b170
parent 711 f70d764aab33
child 741 a216e412c439
--- a/includes/functions.php	Sat Nov 08 22:31:58 2008 -0500
+++ b/includes/functions.php	Sat Nov 08 22:32:43 2008 -0500
@@ -3148,7 +3148,7 @@
   // Compress buffered output if required and send to browser
   // Sorry, doesn't work in IE. What else is new?
   //
-  if ( $do_gzip && function_exists('gzdeflate') && !strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE') )
+  if ( $do_gzip && function_exists('gzdeflate') && !strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE') && !headers_sent() )
   {
     $gzip_contents = ob_get_contents();
     ob_end_clean();
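Review bot: The condition on the changed line still reads `$_SERVER['HTTP_USER_AGENT']` without checking that it is set, so a request that sends no User-Agent header raises an undefined-index notice here. Guarding the lookup keeps the current behaviour (compress when the header is absent) without the notice: `( !isset($_SERVER['HTTP_USER_AGENT']) || strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') === false )`. A one-line comment explaining the new `!headers_sent()` test would also help, e.g. `// Content-Encoding cannot be added once headers are out; send uncompressed instead`. The rest of the branch lies outside the hunk, so that comment assumes the branch sets that header.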
@@ -3752,8 +3752,8 @@
   if ( !file_exists($in_file) )
     return false;
   
-  if ( preg_match('/["\'\/\\\\]/', $in_file) || preg_match('/["\'\/\\\\]/', $out_file) )
-    die('SECURITY: scale_image(): infile or outfile path is screwy');
+  $in_file = escapeshellarg($in_file);
+  $out_file = escapeshellarg($out_file);
   
   if ( file_exists($out_file) && !$unlink )
     return false;
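Review bot: Overwriting `$in_file` and `$out_file` with their `escapeshellarg()` form breaks the filesystem calls that follow: the `file_exists($out_file)` test two lines below now checks a name wrapped in quote characters, which will not match the real file, so the `!$unlink` guard stops firing. Keep the raw paths for PHP filesystem functions and quote into separate variables used only when building the command, e.g. `$in_file_sh = escapeshellarg($in_file);` and `$out_file_sh = escapeshellarg($out_file);`. Quoting also does not stop a path that begins with `-` from being read as an option by the invoked program, so a leading-dash check (or the removed character check, returning false rather than calling `die()`) is still worth keeping if callers can influence the name. The command construction and any later `unlink()` are outside the hunk, so which variable they use is inferred.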