From e9217a7c1dfb12ff7bc0b19c02185a284c374c2c Mon Sep 17 00:00:00 2001
From: Sean Harvey
Date: Wed, 18 Mar 2009 03:29:16 +0000
Subject: [PATCH] BUGFIX Validating $_FILES in Image::loadUploadedImage() (Original patch was applied to Upload->validate() in trunk - r73254)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.2@73295 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 core/model/Image.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/core/model/Image.php b/core/model/Image.php
index 01d290566..66d677ad4 100755
--- a/core/model/Image.php
+++ b/core/model/Image.php
@@ -127,6 +127,11 @@ class Image extends File {
 return;
 }
+ if(isset($tmpFile['tmp_name']) && !is_uploaded_file($tmpFile['tmp_name'])) {
+ user_error("Image::loadUploadedImage() Image file is not a valid upload", E_USER_ERROR);
+ return false;
+ }
+ $base = dirname(dirname($_SERVER['SCRIPT_FILENAME']));
 $class = $this->class;
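Review bot: The new guard fails open when `tmp_name` is absent, because `isset($tmpFile['tmp_name']) && !is_uploaded_file(...)` evaluates to false for an array without that key and execution continues into the `$base`/`$class` code below. If the rest of loadUploadedImage() (which runs past this hunk) reads `$tmpFile['tmp_name']`, the condition should reject that case as well: `if(!isset($tmpFile['tmp_name']) || !is_uploaded_file($tmpFile['tmp_name'])) {`. The early exit visible just above uses a bare `return;` while this branch returns `false`, so callers may see two different failure values. A short comment such as `// Only accept files that came through PHP's upload handling` would record why the check is there.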