authorDavid Rothstein <drothstein@gmail.com>2012-12-19 13:52:59 -0500
committerDavid Rothstein <drothstein@gmail.com>2012-12-19 13:52:59 -0500
commitb47f95d3013619e33cafdf8b769b2b6179a07956 (patch)
tree611b37d59a389975890292d73faf6d4fa698e001 /includes
parent8204a8b49474bf9590128879c21ec75f33063f46 (diff)
Drupal 7.18.
Diffstat (limited to 'includes')
-rw-r--r--includes/bootstrap.inc2
-rw-r--r--includes/file.inc3
2 files changed, 4 insertions, 1 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 74853b2cf..1b48217bc 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '7.18-dev');
+define('VERSION', '7.18');
/**
* Core API compatibility.
diff --git a/includes/file.inc b/includes/file.inc
index 1e256c634..278be3ddc 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -1113,6 +1113,9 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) {
// Allow potentially insecure uploads for very savvy users and admin
if (!variable_get('allow_insecure_uploads', 0)) {
+ // Remove any null bytes. See http://php.net/manual/en/security.filesystem.nullbytes.php
+ $filename = str_replace(chr(0), '', $filename);
+
$whitelist = array_unique(explode(' ', trim($extensions)));
// Split the filename up by periods. The first part becomes the basename
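Review bot: The null-byte strip sits inside the `if (!variable_get('allow_insecure_uploads', 0))` branch, so a site with that setting enabled still passes a filename containing `chr(0)` through unchanged. A NUL is never a legitimate filename character. On PHP versions that truncate paths at the first NUL, the name written to disk can differ from the name any later check sees, which is a separate risk from the extension policy that the setting relaxes. Consider moving `$filename = str_replace(chr(0), '', $filename);` above the `if` so it runs unconditionally, and extending the comment to say why, e.g. `// Strip NUL bytes: the filesystem layer may truncate the path at the first NUL, so the checked and stored names could differ.` The body of file_munge_filename() continues outside this hunk, so whether callers sanitise the name elsewhere cannot be confirmed from here.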