chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Plugin: OnlyOffice: Add filtering to new filenames created through the plugin

Browse Source
pull/5986/head
Yannick Warnier 9 months ago
parent ab1f124dfd
commit 822ae55513
1 changed files with 5 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      plugin/onlyoffice/lib/onlyofficeDocumentManager.php

7
plugin/onlyoffice/lib/onlyofficeDocumentManager.php
Unescape View File

@ -189,8 +189,11 @@ class OnlyofficeDocumentManager extends DocumentManager
$fileTitle = Security::remove_XSS($basename).'.'.$fileExt;
$fileNamePrefix = ChamiloDocumentManager::getDocumentSuffix($courseInfo, $sessionId, $groupId);
$fileName = preg_replace('/\.\./', '', $basename).$fileNamePrefix.'.'.$fileExt;
$fileNameSuffix = ChamiloDocumentManager::getDocumentSuffix($courseInfo, $sessionId, $groupId);
// Try to avoid directories browsing (remove .., slashes and backslashes)
$patterns = ['#\.\./#', '#\.\.#', '#/#', '#\\\#'];
$replacements = ['', '', '', ''];
$fileName = preg_replace($patterns, $replacements, $basename).$fileNameSuffix.'.'.$fileExt;
if (empty($templatePath)) {
$templatePath = TemplateManager::getEmptyTemplate($fileExt);

Write Preview
Loading…
Cancel
Save