MDL-13766, fixed mimetype validation.

author Dongsheng Cai <unoter@gmail.com>

Tue, 6 Jul 2010 07:28:03 +0000 (07:28 +0000)

committer Dongsheng Cai <unoter@gmail.com>

Tue, 6 Jul 2010 07:28:03 +0000 (07:28 +0000)
author Dongsheng Cai <unoter@gmail.com>
Tue, 6 Jul 2010 07:28:03 +0000 (07:28 +0000)
committer Dongsheng Cai <unoter@gmail.com>
Tue, 6 Jul 2010 07:28:03 +0000 (07:28 +0000)
diff --git a/repository/repository_ajax.php b/repository/repository_ajax.php

index d8d9f2d..f50c37a 100755 (executable)
--- a/repository/repository_ajax.php
+++ b/repository/repository_ajax.php
@@ -164,14 +164,14 @@ switch ($action) {
      case 'download':
          // validate mimetype
          $mimetypes = array();
-        if (in_array('*', $accepted_types) or $accepted_types == '*') {
+        if ((is_array($accepted_types) and in_array('*', $accepted_types)) or $accepted_types == '*') {
              $mimetypes = '*';
          } else {
              foreach ($accepted_types as $type) {
                  $mimetypes[] = mimeinfo('type', $type);
              }
              if (!in_array(mimeinfo('type', $saveas_filename), $mimetypes)) {
-                throw new moodle_exception('invalidfiletype', 'repository', '', mimeinfo('type', $_FILES[$elname]['name']));
+                throw new moodle_exception('invalidfiletype', 'repository', '', mimeinfo('type', $saveas_filename));
              }
          }
author	Dongsheng Cai <unoter@gmail.com>
	Tue, 6 Jul 2010 07:28:03 +0000 (07:28 +0000)
committer	Dongsheng Cai <unoter@gmail.com>
	Tue, 6 Jul 2010 07:28:03 +0000 (07:28 +0000)