X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fmain.inc;h=3d94aeb6900d1a85583ece6eef587f33015c96b9;hb=f2e7911580d86e0c75edeabc3ce5b106c9f23151;hp=ee7564785f0d8d020ad50668938d9279799a22c5;hpb=c2e4edb8bd1eb60893f042f562bf2b817f06fd81;p=fa-stable.git
diff --git a/includes/main.inc b/includes/main.inc
index ee756478..3d94aeb6 100644
--- a/includes/main.inc
+++ b/includes/main.inc
@@ -270,11 +270,12 @@ function check_write($path)
 function copy_files($flist, $from, $to, $strict=false)
 {
 foreach ($flist as $file) {
- if (file_exists($from.'/'.$file))
+ if (file_exists($from.'/'.$file)) {
 if (!copy_file($file, $from, $to))
 return false;
- if ($strict && !is_file($from.'/'.$file)) // if
+ } else if ($strict) {
 unlink($to.'/'.$file);
+ }
 }
 return true;
 }
@@ -326,11 +327,11 @@ function find_custom_file($rep)
 $extensions = $installed_extensions;
 foreach ($extensions as $ext)
 if (($ext['active'] && $ext['type'] == 'extension')) {
- $local_path_to_root = $path = $path_to_root.'/'.$ext['path'];
 $file = $path.$rep;
 if (file_exists($file)) {
 set_include_path($path.PATH_SEPARATOR.get_include_path());
+ $local_path_to_root = $path;
 return $file;
 }
 }
@@ -342,5 +343,13 @@ function find_custom_file($rep)
 return null;
 }
+/*
+ Protect against directory traversal.
+ Changes all not POSIX compatible chars to underscore.
+*/
+function clean_file_name($filename) {
+ return preg_replace('/[^a-zA-Z0-9.\-_]/', '_', $filename);
+}
 ?>
\ No newline at end of file
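Review bot: In the new `else if ($strict)` branch, `unlink($to.'/'.$file)` runs without checking that the destination exists or that the removal succeeded, so a target that is already absent emits a warning and a failed removal is still reported as success by the `return true` below. Guard and propagate the result: `} elseif ($strict && is_file($to.'/'.$file)) {` / `if (!unlink($to.'/'.$file))` / `return false;`. Dropping the old `!is_file($from.'/'.$file)` condition is fine, since it is already implied by the failed `file_exists` check on the same path; `elseif` is the PSR spelling of `else if`.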
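Review bot: After the removal of `$local_path_to_root = $path = $path_to_root.'/'.$ext['path'];`, no line in this hunk assigns `$path` before `$file = $path.$rep;`, so each extension iteration appears to reuse whatever `$path` held before the loop unless an assignment exists in the lines outside the hunk (find_custom_file starts and ends outside it). If the intent was only to stop writing the global for extensions that do not match, keep `$path = $path_to_root.'/'.$ext['path'];` as the first statement of the loop body. Moving `$local_path_to_root = $path;` next to `return $file;` is the right direction, since the global is then changed only when a file is actually found.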
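Review bot: `clean_file_name` keeps `.` in its character class, so the inputs `.` and `..` come back unchanged and, joined to a directory with `/`, name that directory or its parent rather than a file inside it; path separators are replaced, so multi-segment traversal is stopped, but the two dot names need handling too, e.g. `if ($filename === '.' || $filename === '..') return '_';` before the `preg_replace`. `preg_replace` returns `null` on a PCRE error, which a caller that concatenates the result into a path would silently turn into an empty component. The header comment should also say what the contract is, e.g. `Returns a safe single path component: every character outside [A-Za-z0-9._-] is replaced by '_'; callers must still join it to a fixed base directory.`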