chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: sanitize file name when uploading chunks with bigUpload

Browse Source
pull/4889/head
Angel Fernando Quiroz Campos 2 years ago
parent ed72914608
commit 3d74fb7d99
1 changed files with 5 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      main/inc/ajax/document.ajax.php

7
main/inc/ajax/document.ajax.php
Unescape View File

@ -59,9 +59,12 @@ switch ($action) {
} }
if (!empty($fileList)) { if (!empty($fileList)) {
foreach ($fileList as $n => $file) { foreach ($fileList as $n => $file) {
$tmpFile = $tempDirectory.$file['name']; $tmpFile = disable_dangerous_file(
api_replace_dangerous_char($file['name'])
);
file_put_contents( file_put_contents(
$tmpFile, $tempDirectory.$tmpFile,
fopen($file['tmp_name'], 'r'), fopen($file['tmp_name'], 'r'),
FILE_APPEND FILE_APPEND
); );

Write Preview
Loading…
Cancel
Save