chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Sanitize file name when uploading chunks with bigUpload (2)

Browse Source
pull/4909/head
Yannick Warnier 2 years ago
parent 46247d0ae1
commit f3d62b65ad
3 changed files with 15 additions and 6 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      main/inc/ajax/dropbox.ajax.php
  2. 7
      main/inc/ajax/exercise.ajax.php
  3. 7
      main/inc/ajax/work.ajax.php

7
main/inc/ajax/dropbox.ajax.php
Unescape View File

@ -27,9 +27,12 @@ switch ($action) {
}
if (!empty($fileList)) {
foreach ($fileList as $n => $file) {
$tmpFile = $tempDirectory.$file['name'];
$tmpFile = disable_dangerous_file(
api_replace_dangerous_char($file['name'])
);
file_put_contents(
$tmpFile,
$tempDirectory.$tmpFile,
fopen($file['tmp_name'], 'r'),
FILE_APPEND
);

7
main/inc/ajax/exercise.ajax.php
Unescape View File

@ -1180,9 +1180,12 @@ switch ($action) {
}
if (!empty($fileList)) {
foreach ($fileList as $n => $file) {
$tmpFile = $tempDirectory.$file['name'];
$tmpFile = disable_dangerous_file(
api_replace_dangerous_char($file['name'])
);
file_put_contents(
$tmpFile,
$tempDirectory.$tmpFile,
fopen($file['tmp_name'], 'r'),
FILE_APPEND
);

7
main/inc/ajax/work.ajax.php
Unescape View File

@ -76,9 +76,12 @@ switch ($action) {
}
if (!empty($fileList)) {
foreach ($fileList as $n => $file) {
$tmpFile = $tempDirectory.$file['name'];
$tmpFile = disable_dangerous_file(
api_replace_dangerous_char($file['name'])
);
file_put_contents(
$tmpFile,
$tempDirectory.$tmpFile,
fopen($file['tmp_name'], 'r'),
FILE_APPEND
);

Write Preview
Loading…
Cancel
Save