From 5524255aa5b66786e2095fbfecd6c18490e4bd4a Mon Sep 17 00:00:00 2001
From: saxmatt
Date: Mon, 14 Feb 2005 07:13:38 +0000
Subject: [PATCH] More upload fixes - http://mosquito.wordpress.org/view.php?id=696

git-svn-id: http://svn.automattic.com/wordpress/trunk@2331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/upload.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index 79a8cf7158..20e0954de2 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -11,6 +11,9 @@ if ($user_level == 0) //Checks to see if user has logged in
 if (!get_settings('use_fileupload')) //Checks if file upload is enabled in the config
 die (__("The admin disabled this function"));
+if ( !get_settings('fileupload_minlevel') )
+ die (__("You are not allowed to upload files"));
+
 $allowed_types = explode(' ', trim(strtolower(get_settings('fileupload_allowedtypes'))));
 if ($_POST['submit']) {
@@ -80,11 +83,11 @@ case 'upload':
 $imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );
 $img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
- $img1_name = preg_replace('/[^a-z0-9.]/i', '', $img1_name);
+ $img1_name = preg_replace('/[^a-z0-9_.]/i', '', $img1_name);
 $img1_size = $_POST['img1_size'] ? intval($_POST['img1_size']) : intval($_FILES['img1']['size']);
 $img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
- $imgdesc = htmlentities2($imgdesc);
+ $imgdesc = htmlentities2($_POST['imgdesc']);
 $pi = pathinfo($img1_name);
 $imgtype = strtolower($pi['extension']);
@@ -224,4 +227,4 @@ Name:
 break;
 }
 include('admin-footer.php');
-?>
+?>
\ No newline at end of file
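Review bot: The new guard in the first hunk of wp-admin/upload.php only tests whether the `fileupload_minlevel` option is truthy; it never compares the option with `$user_level`, the variable the check quoted in the hunk header already uses. If the option holds the minimum level allowed to upload, as its name suggests, every logged-in user passes as soon as the value is non-zero, and a value of 0 locks everyone out. The condition would then read `if ( $user_level < get_settings('fileupload_minlevel') )` with the same `die`. A one-line comment above it such as `// Authorization: only users at or above fileupload_minlevel may upload` would match the commented checks before it, which start outside the hunk.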
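Review bot: The widened character class on the `preg_replace` line of the second hunk still keeps every dot, so a name that begins with a dot or carries several extensions survives, and only the last extension reaches the `pathinfo()` lookup at the end of the hunk. Whether the earlier extensions matter depends on how the web server maps file names in the upload directory, which is not visible here. It would be safer to strip leading dots with `$img1_name = ltrim($img1_name, '.');`, collapse all but the final dot, and reject an empty result. The new `$_POST['imgdesc']` read is also unguarded, unlike the `isset()` test on `imgalt` a few lines up; `isset($_POST['imgdesc']) ? $_POST['imgdesc'] : ''` keeps the two consistent. The `case 'upload':` branch starts and ends outside the hunk.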