server_error ();
}
}
- return basename($dest);
+ return basename_safe ($dest);
}
function img_check_upload ($file) {
}
function delete_image_if_unused ($imgpath, $con) {
+ if (!isset ($imgpath) || (strlen ($imgpath) == 0)) {
+ return;
+ }
if ($con->imgpath_exists ($imgpath)) {
return false;
}
while ($counter < 1000) {
if (!file_exists ($filename) &&
- !($con->imgpath_exists (basename ($filename)))) {
+ !($con->imgpath_exists (basename_safe ($filename)))) {
return $filename;
} else {
$counter++;
if ($_POST ["keep_img"] == "yes") {
$imgpath = $feature->imgpath;
} else {
+ request_error ();
$imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
}
success_feature ($new_feature, "update");
break;
case "add":
+ request_error ();
$imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
$lon = $_POST ["lon"];
success_feature ($feature, "add");
break;
case "del":
+ request_error ();
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {