fix for attack via FILES

ChangeLog

@@ -8,6 +8,8 @@ $Source$
 2006-09-29 Marc Delisle  <lem9@users.sourceforge.net>
     * libraries/database_interface.lib.php, bug #1566904, typo in require,
       thanks to Björn Wiberg - bwiberg.
+    * libraries/grab_globals.lib.php: fix attack via _FILES,
+      thanks to Stefan Esser
 
 2006-09-27 Marc Delisle  <lem9@users.sourceforge.net>
     * libraries/.htaccess: remove potential vulnerability (allow from none),

libraries/grab_globals.lib.php

@@ -91,9 +91,12 @@ if (! empty($_POST)) {
 }
 
 if (! empty($_FILES)) {
-    foreach ($_FILES as $name => $value) {
-        $$name = $value['tmp_name'];
-        ${$name . '_name'} = $value['name'];
+    $_valid_variables = preg_replace($GLOBALS['_import_blacklist'], '', array_keys($_FILES));
+    foreach ($_valid_variables as $name) {
+        if (strlen($name) != 0) {
+            $$name = $_FILES[$name]['tmp_name'];
+            ${$name . '_name'} = $_FILES[$name]['name'];
+        }
     }
     unset($name, $value);
 }