From 6ddf9fe6d666636f15e474039fb72d1dadff8805 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Thu, 24 Jun 2010 00:11:01 +0000
Subject: [PATCH] detecting access right problem in browser upload
---
 bureau/class/m_bro.php | 11 ++++++++---
 bureau/locales/en_US/LC_MESSAGES/manual.po | 3 +++
 bureau/locales/fr_FR/LC_MESSAGES/manual.po | 4 ++++
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/bureau/class/m_bro.php b/bureau/class/m_bro.php
index 18d1e9d7..f6117fed 100644
--- a/bureau/class/m_bro.php
+++ b/bureau/class/m_bro.php
@@ -512,11 +512,16 @@ class m_bro {
 if (!strpos($_FILES['userfile']['name'],"/")) {
 if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
 if (!file_exists($absolute."/".$_FILES['userfile']['name'])) {
- touch($absolute."/".$_FILES['userfile']['name']);
+ @touch($absolute."/".$_FILES['userfile']['name']);
 }
- move_uploaded_file($_FILES['userfile']['tmp_name'], $absolute."/".$_FILES['userfile']['name']);
+ if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $absolute."/".$_FILES['userfile']['name'])) {
+ return $absolute."/".$_FILES['userfile']['name'];
+ } else {
+ $err->raise("bro",3);
+ return false;
+ }
 } else {
- $err->log("bro","uploadfile","Tentative d'attaque : ".$_FILES['userfile']['tmp_name']);
+ $err->log("bro","uploadfile","Tentative d'attaque : ".$_FILES['userfile']['tmp_name']);
 return false;
 }
 }
diff --git a/bureau/locales/en_US/LC_MESSAGES/manual.po b/bureau/locales/en_US/LC_MESSAGES/manual.po
index c0d5c64b..c1d45155 100644
--- a/bureau/locales/en_US/LC_MESSAGES/manual.po
+++ b/bureau/locales/en_US/LC_MESSAGES/manual.po
@@ -681,6 +681,9 @@ msgstr "File or folder name is incorrect"
 msgid "err_bro_2"
 msgstr "You cannot move or copy a file to the same folder"
+msgid "err_bro_3"
+msgstr "You don't have the right to write into this folder. Please check the access rights."
+
 #. If we manage your DNS
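Review bot: The path returned by the new `return $absolute."/".$_FILES['userfile']['name'];` is built from the client-supplied file name, and the only guard visible is the `!strpos($_FILES['userfile']['name'],"/")` context line at the top of the hunk, which is also true when "/" is the first character because strpos() then returns 0. A strict test, `if (strpos($_FILES['userfile']['name'],"/") === false) {`, would reject every name containing a slash; reducing the name with `basename()` before building the destination would be a further safeguard. Separately, the `@` on `move_uploaded_file()` hides the real cause, so any failure is reported as the access-rights message `err_bro_3` and nothing is logged, unlike the `is_uploaded_file()` branch which calls `$err->log`. The enclosing method starts and ends outside the hunk, so whether the outer `if` has an else branch that returns is not visible here.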
You can manage your mails elsewhere if you want
 #. (MX field).
Write %s in this field if your mail
 #. must be managed by %s
or put the IP address or name of the mail server
diff --git a/bureau/locales/fr_FR/LC_MESSAGES/manual.po b/bureau/locales/fr_FR/LC_MESSAGES/manual.po
index bd947d83..b7147676 100644
--- a/bureau/locales/fr_FR/LC_MESSAGES/manual.po
+++ b/bureau/locales/fr_FR/LC_MESSAGES/manual.po
@@ -728,6 +728,10 @@ msgstr "R
 msgid "err_bro_2"
 msgstr "Vous ne pouvez pas déplacer un fichier dans le même répertoire !"
+#. Right incorrect
+msgid "err_bro_3"
+msgstr "Vous n'avez pas le droit d'écrire dans ce répertoire. Vérifiez les droits d'accès !"
+
 #. If we manage your DNS
You can manage your mails elsewhere if you want
 #. (MX field).
Write %s in this field if your mail
 #. must be managed by %s
or put the IP address or name of the mail server