From 3d74fb7d99bd2e287730552f7a66562417a55047 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Tue, 5 Sep 2023 16:06:11 -0500
Subject: [PATCH] Security: sanitize file name when uploading chunks with bigUpload
---
 main/inc/ajax/document.ajax.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/main/inc/ajax/document.ajax.php b/main/inc/ajax/document.ajax.php
index b04e13ab6a..7ef9a735d6 100755
--- a/main/inc/ajax/document.ajax.php
+++ b/main/inc/ajax/document.ajax.php
@@ -59,9 +59,12 @@ switch ($action) {
 }
 if (!empty($fileList)) {
 foreach ($fileList as $n => $file) {
- $tmpFile = $tempDirectory.$file['name'];
+ $tmpFile = disable_dangerous_file(
+ api_replace_dangerous_char($file['name'])
+ );
+
 file_put_contents(
- $tmpFile,
+ $tempDirectory.$tmpFile,
 fopen($file['tmp_name'], 'r'),
 FILE_APPEND
 );
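Review bot: The write path `$tempDirectory.$tmpFile` now depends entirely on `api_replace_dangerous_char()` and `disable_dangerous_file()` to strip directory components from the client-supplied `$file['name']`, and neither helper is visible in this hunk, so their handling of separators and `..` cannot be confirmed here. I would make the containment explicit by passing `basename($file['name'])` into the sanitisers, and skip the entry when the sanitised name is an empty string so the append never targets `$tempDirectory` itself. A one-line comment such as `// client-supplied name: reduce to a safe base name before building the temp path` would record why the call is there. Separately, the unchanged `fopen($file['tmp_name'], 'r')` result is neither checked nor closed and the `file_put_contents()` return value is ignored, so a failed chunk write goes unnoticed; the `foreach` and the enclosing `switch` continue outside the hunk.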