From 5f13d417ac00b5aa4a4103c6941f73a0f4b05ec3 Mon Sep 17 00:00:00 2001 From: Sean Harvey Date: Wed, 18 Mar 2009 03:27:21 +0000 Subject: [PATCH] BUGFIX Validating $_FILES in Folder::addUploadToFolder() (Original patch was applied to Upload->validate() in trunk - r73254) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.2@73294 467b73ca-7a2a-4603-9d3b-597d59a354a9 --- filesystem/Folder.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/filesystem/Folder.php b/filesystem/Folder.php index 249710885..aa213f368 100755 --- a/filesystem/Folder.php +++ b/filesystem/Folder.php @@ -211,6 +211,11 @@ class Folder extends File { return; } + if(isset($tmpFile['tmp_name']) && !is_uploaded_file($tmpFile['tmp_name'])) { + user_error("Folder::addUploadToFolder() File is not a valid upload", E_USER_ERROR); + return false; + } + $base = dirname(dirname($_SERVER['SCRIPT_FILENAME'])); // $parentFolder = Folder::findOrMake("Uploads");
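Review bot: The added guard fails open, because it only runs when `$tmpFile['tmp_name']` is set, so an array that lacks that key skips the `is_uploaded_file()` check and continues into the rest of the method. Rejecting the missing key as well closes that gap: `if(!isset($tmpFile['tmp_name']) || !is_uploaded_file($tmpFile['tmp_name'])) {`. The body of Folder::addUploadToFolder() continues outside the hunk, so whether a later step would stop such an input is not visible here. The new branch also returns `false` where the branch just above it returns no value, and with `E_USER_ERROR` the `return false;` is presumably reached only if an error handler lets execution continue. A short comment such as `// reached only when the error handler does not halt` would make that intent clear.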