BUGFIX Validating $_FILES in Image::loadUploadedImage() (Original pat…

…ch was applied to Upload->validate() in trunk - r73254) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.2@73295 467b73ca-7a2a-4603-9d3b-597d59a354a9
silverstripe · Feb 2, 2011 · e9217a7 · e9217a7
1 parent 5f13d41
commit e9217a7
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/core/model/Image.php b/core/model/Image.php
@@ -127,6 +127,11 @@ function loadUploadedImage($tmpFile) {
 			return;
 		}
 
+		if(isset($tmpFile['tmp_name']) && !is_uploaded_file($tmpFile['tmp_name'])) {
+			user_error("Image::loadUploadedImage() Image file is not a valid upload", E_USER_ERROR);
+			return false;
+		}
+
 		$base = dirname(dirname($_SERVER['SCRIPT_FILENAME']));
 		$class = $this->class;