|
|
@@ -21,10 +21,17 @@ if($dopost=='save') |
|
|
|
$spacename =(empty($spacename))? "" : $spacename;
|
|
|
|
$maxlength = $cfg_max_face * 1024;
|
|
|
|
$userdir = $cfg_user_dir.'/'.$cfg_ml->M_ID;
|
|
|
|
|
|
|
|
if (strpos($oldspacelogo,"..") > 0)
|
|
|
|
{
|
|
|
|
die("not support!");
|
|
|
|
}
|
|
|
|
|
|
|
|
if(!preg_match('#^'.$userdir."#", $oldspacelogo))
|
|
|
|
{
|
|
|
|
$oldspacelogo = '';
|
|
|
|
}
|
|
|
|
|
|
|
|
if(is_uploaded_file($spacelogo))
|
|
|
|
{
|
|
|
|
if(@filesize($_FILES['spacelogo']['tmp_name']) > $maxlength)
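Review bot: The `..` guard on `$oldspacelogo` uses `strpos(...) > 0`, which is false when the sequence sits at offset 0, so a value that begins with `..` is not rejected by this check; compare against `false` instead: `if (strpos($oldspacelogo, '..') !== false)`. The prefix test that follows interpolates `$userdir` into the pattern unescaped and without a trailing separator, so a path in a sibling directory whose name merely starts with the same member id would also pass. Something like `if (strpos($oldspacelogo, $userdir.'/') !== 0)`, or `preg_quote($userdir, '#')` followed by `/`, would bind the value to this member's own directory. The upload check tests `$spacelogo` while the size check reads `$_FILES['spacelogo']['tmp_name']`; using the `$_FILES` entry for both would keep the two checks on the same file. The `if($dopost=='save')` block starts and ends outside this hunk, so how `$oldspacelogo` is used afterwards is not visible here.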
|
|
|
|