upload: disallow overwrites of existing file names

Not a solution for reusing the same name, but prevents silent replacement
allowing the user to retry.

Reported-by: Fulco Jongsma

diff --git a/upload.inc.php b/upload.inc.php
index 6175fe20a685b1b1df707ccba8e74f4bad2564f1..e70f5738a3bfacafa1a4013b42f5905010c7d676 100644 (file)
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -27,6 +27,9 @@ function userupload($input, $target = NULL, $filename = NULL)
                $target .= $input['name'];
        }
 
+       if (file_exists($target)) {
+               throw new Exception("bestandsnaam al aanwezig op $target");
+       }
        if (!@move_uploaded_file($input['tmp_name'], $target)) {
                throw new Exception("bestand kon niet worden opgeslagen in $target");
        }