plugin/image_ex.rb in tdiary-contrib-5.2.4 vs plugin/image_ex.rb in tdiary-contrib-5.3.0

- old
+ new

@@ -104,15 +104,14 @@
 else
 image_url = %Q[#{@image_url}/]
 image_dir = %Q[#{@image_dir}/]
 end
- image_dir.untaint
 Dir.mkdir(image_dir) unless File.directory?(image_dir)
- list = imageList(@image_date, image_dir).untaint
- slist = imageList(@image_date, image_dir, "s").untaint
+ list = imageList(@image_date, image_dir)
+ slist = imageList(@image_date, image_dir, "s")
 if width
 width_tag = %Q[width="#{h width}"]
 else
 width_tag = ""
@@ -148,11 +147,11 @@
 image_dir = %Q[#{@image_dir}/#{@image_year}/]
 else
 image_url = %Q[#{@image_url}/]
 image_dir = %Q[#{@image_dir}/]
 end
- list = imageList(@image_date, image_dir).untaint
+ list = imageList(@image_date, image_dir)
 %Q[<a href="#{h image_url}#{h list[id.to_i]}">#{str}</a>]
 end
 ###
@@ -238,11 +237,10 @@
 end
 end
 def dayimagelist( image_dir, image_date, prefix="")
 image_path = []
- image_dir.untaint
 Dir.foreach(image_dir){ |file|
 if file=~ /(.*)\_(.*)\.(.*)/
 if $1 == "#{prefix}" + image_date.to_s
 image_path[$2.to_i] = file
 end
@@ -250,22 +248,21 @@
 }
 return image_path
 end
 if @cgi.params['plugin_image_add'][0] && @cgi.params['plugin_image_file'][0].original_filename != ''
- image_dir = @cgi.params['plugin_image_dir'][0].read.untaint
+ image_dir = @cgi.params['plugin_image_dir'][0].read
 image_filename = ''
 image_extension = ''
 image_date = date.strftime("%Y%m%d")
 image_filename = @cgi.params['plugin_image_file'][0].original_filename
 if image_filename =~ /(\.jpg|\.jpeg|\.gif|\.png)\z/i
 image_extension = $1
 image_name = dayimagelist(image_dir, image_date)
 image_file = image_dir+image_date+"_"+image_name.length.to_s+image_extension.downcase
- image_file.untaint
 File::umask( 022 )
 File::open( image_file, "wb" ) {|f|
 f.print @cgi.params['plugin_image_file'][0].read
 }
 end
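Review bot: In the `plugin_image_add` hunk (`@@ -250,22 +248,21 @@`), `image_dir` is still taken straight from the `plugin_image_dir` request parameter and handed to `dayimagelist` and `File::open`; the dropped `untaint` calls never validated it, so nothing on the visible lines constrains which directory the upload is written to. The same pattern appears in the `plugin_image_thumbnail` hunk (`@@ -298,21 +295,20 @@`) and in the delete loop (`@@ -321,20 +317,18 @@`), where the value ends up in `File::delete`. I would add a containment check before any filesystem call, for example `root = File.expand_path(@image_dir)`, `dir = File.expand_path(image_dir)`, and skip the operation `unless dir == root || dir.start_with?(root + '/')`. The enclosing `if`/`elsif` chain starts and ends outside these hunks, so a check elsewhere is possible but not visible here.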
@@ -298,21 +295,20 @@
 end
 end
 end
 elsif @cgi.params['plugin_image_thumbnail'][0] && @cgi.params['plugin_image_file'][0].original_filename != ''
- image_dir = @cgi.params['plugin_image_dir'][0].read.untaint
+ image_dir = @cgi.params['plugin_image_dir'][0].read
 image_filename = ''
 image_extension = ''
 image_date = date.strftime("%Y%m%d")
 image_filename = @cgi.params['plugin_image_file'][0].original_filename
 if image_filename =~ /(\.jpg|\.jpeg|\.gif|\.png)\z/i
 image_extension = $1
- image_name = @cgi.params['plugin_image_name'][0].read.untaint
+ image_name = @cgi.params['plugin_image_name'][0].read
 image_file=image_dir+"s"+image_name+image_extension.downcase
- image_file.untaint
 File::umask( 022 )
 File::open( image_file, "wb" ) {|f|
 f.print @cgi.params['plugin_image_file'][0].read
 }
 end
@@ -321,20 +317,18 @@
 image_dir = @cgi.params['plugin_image_dir'][0]
 image_date = date.strftime("%Y%m%d")
 image_name = dayimagelist( image_dir, image_date)
 image_name2= dayimagelist( image_dir, image_date, "s")
- @cgi.params['plugin_image_id'].untaint.each do |id|
+ @cgi.params['plugin_image_id'].each do |id|
 if image_name[id.to_i]
 image_file=image_dir+image_name[id.to_i]
- image_file.untaint
 if File::exist?(image_file)
 File::delete(image_file)
 end
 end
 if image_name2[id.to_i]
 image_file2=image_dir+image_name2[id.to_i]
- image_file2.untaint
 if File::exist?(image_file2)
 File::delete(image_file2)
 end
 end
 end
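Review bot: In the `plugin_image_thumbnail` hunk (`@@ -298,21 +295,20 @@`), `image_name` comes from the `plugin_image_name` request parameter and is concatenated into `image_file` with only the extension checked, so path separators or `..` in the name are not rejected before `File::open`. If names always have the date-and-index shape that the pattern in `dayimagelist` suggests (an assumption to confirm), guard the write with `if image_name.match?(/\A\d{8}_\d+\z/)`; `match?` also leaves `$1` from the extension match untouched. The surrounding `elsif` branch continues outside the hunk.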
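Review bot: In the delete loop (`@@ -321,20 +317,18 @@`), each `plugin_image_id` value is converted with `id.to_i`, which turns any non-numeric string into 0 and accepts negative numbers that index from the end of the array. A malformed id therefore deletes an image the request did not name. I would put `next unless id =~ /\A\d+\z/` at the top of the block, assuming the ids arrive as plain strings, which the direct `to_i` call suggests. The loop's enclosing branch begins outside the hunk.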