пре 16 година · 6f8f1924b3
--- a/admin/index.php
+++ b/admin/index.php
@@ -40,7 +40,7 @@ if ($user->isAdmin()) {
 
				 					header("Location: ".$conf->urlGelato."/admin/index.php?photo=false");

			
 
				 					die();

			
 
				 				}

			
 
				-				$_POST["url"] = "../uploads/".$photoName;

			
 
				+				$_POST["url"] = "../uploads/".sanitizeName($photoName);

			
 
				 			}

			
 
				 			

			
 
				 			if ( move_uploaded_file( $_FILES['photo']['tmp_name'], "../uploads/".sanitizeName($_FILES['photo']['name']) ) ) {

			
--- a/classes/functions.php
+++ b/classes/functions.php
@@ -85,16 +85,19 @@ if(!defined('entry') || !entry) die('Not a valid page');
 
				 	}

			
 
				 	

			
 
				 	function getFile($remoteFileName) {

			
 
				-		$fileName = "../uploads/".sanitizeName($remoteFileName);

			
 
				+		$fileName = "../uploads/".sanitizeName(getFileName($remoteFileName));		

			
 
				 		$str = _file_get_contents($remoteFileName);

			
 
				 		if (!$handle = fopen($fileName, 'w')) {

			
 
				+			//die("no se abrio de escritura");

			
 
				 			return false;

			
 
				 		}

			
 
				+		

			
 
				 		if (fwrite($handle, $str) === FALSE) {

			
 
				+			//die("no se escribio");

			
 
				 			return false;

			
 
				 		}

			
 
				 		fclose($handle);

			
 
				-		return true;		

			
 
				+		return true;	

			
 
				 	}

			
 
				 	

			
 
				 	function isVimeoVideo($videoUrl) {