Work: Security: Sanitize file name that could import document with special characters - refs BT#22273

9 months ago · 7212fb2a1e
parent 3075eeba7a
commit 7212fb2a1e
4 changed files with 23 additions and 32 deletions
--- a/main/inc/ajax/document.ajax.php
+++ b/main/inc/ajax/document.ajax.php
@ -153,17 +153,8 @@ switch ($action) {
                }

                $resultList = [];
-                foreach ($fileList as $file) {
-                    if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
-                        // to rename and move the finished file
-                        $tmpFile = disable_dangerous_file(
-                            api_replace_dangerous_char($file['name'])
-                        );
-                        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$tmpFile;
-                        $file['tmp_name'] = $chunkedFile;
-                        $file['size'] = filesize($chunkedFile);
-                        $file['copy_file'] = true;
-                    }
+                foreach ($fileList as $fileInfo) {
+                    $file = processChunkedFile($fileInfo);

                    $globalFile = [];
                    $globalFile['files'] = $file;
--- a/main/inc/ajax/dropbox.ajax.php
+++ b/main/inc/ajax/dropbox.ajax.php
@ -79,19 +79,8 @@ switch ($action) {
                }

                $resultList = [];
-                foreach ($fileList as $file) {
-                    if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
-                        // to rename and move the finished file
-                        $tmpFile = disable_dangerous_file(
-                            api_replace_dangerous_char($file['name'])
-                        );
-
-                        // to rename and move the finished file
-                        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$tmpFile;
-                        $file['tmp_name'] = $chunkedFile;
-                        $file['size'] = filesize($chunkedFile);
-                        $file['copy_file'] = true;
-                    }
+                foreach ($fileList as $fileInfo) {
+                    $file = processChunkedFile($fileInfo);

                    $globalFile = [];
                    $globalFile['files'] = $file;
--- a/main/inc/ajax/work.ajax.php
+++ b/main/inc/ajax/work.ajax.php
@ -120,14 +120,8 @@ switch ($action) {
                }

                $resultList = [];
-                foreach ($fileList as $file) {
-                    if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
-                        // to rename and move the finished file
-                        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$file['name'];
-                        $file['tmp_name'] = $chunkedFile;
-                        $file['size'] = filesize($chunkedFile);
-                        $file['copy_file'] = true;
-                    }
+                foreach ($fileList as $fileInfo) {
+                    $file = processChunkedFile($fileInfo);

                    $globalFile = [];
                    $globalFile['files'] = $file;
--- a/main/inc/lib/fileUpload.lib.php
+++ b/main/inc/lib/fileUpload.lib.php
@ -2255,3 +2255,20 @@ function getFileUploadSizeLimitForTeacher()

    return $size;
 }
+
+function processChunkedFile(array $file): array
+{
+    if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
+        // to rename and move the finished file
+        $tmpFile = disable_dangerous_file(
+            api_replace_dangerous_char($file['name'])
+        );
+
+        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH) . $tmpFile;
+        $file['tmp_name'] = $chunkedFile;
+        $file['size'] = filesize($chunkedFile);
+        $file['copy_file'] = true;
+    }
+
+    return $file;
+}