chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Dropbox: Security: Sanitize file name that could import document with special characters - refs BT#22273

Browse Source
pull/5961/head
Angel Fernando Quiroz Campos 9 months ago
parent 406e0dd5f4
commit 3075eeba7a
No known key found for this signature in database
GPG Key ID: B284841AE3E562CD
1 changed files with 6 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      main/inc/ajax/dropbox.ajax.php

7
main/inc/ajax/dropbox.ajax.php
Unescape View File

@ -82,7 +82,12 @@ switch ($action) {
foreach ($fileList as $file) {
if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
// to rename and move the finished file
$chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$file['name'];
$tmpFile = disable_dangerous_file(
api_replace_dangerous_char($file['name'])
);
// to rename and move the finished file
$chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$tmpFile;
$file['tmp_name'] = $chunkedFile;
$file['size'] = filesize($chunkedFile);
$file['copy_file'] = true;

Write Preview
Loading…
Cancel
Save