
Commit f3d62b6

committed
Security: Sanitize file name when uploading chunks with bigUpload (2)
1 parent 46247d0 commit f3d62b6

3 files changed

+15
-6
lines changed


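--- a/main/inc/ajax/dropbox.ajax.php
+++ b/main/inc/ajax/dropbox.ajax.php
@@ -27,9 +27,12 @@
 }
 if (!empty($fileList)) {
 foreach ($fileList as $n => $file) {
-$tmpFile = $tempDirectory.$file['name'];
+$tmpFile = disable_dangerous_file(
+api_replace_dangerous_char($file['name'])
+);
+
 file_put_contents(
-$tmpFile,
+$tempDirectory.$tmpFile,
 fopen($file['tmp_name'], 'r'),
 FILE_APPEND
 );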
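Review bot: The sanitized `$tmpFile` is concatenated onto `$tempDirectory` without any check that it is a bare file name, so the write staying inside the temp directory depends entirely on what `api_replace_dangerous_char()` and `disable_dangerous_file()` strip, which this page does not show. A cheap, helper-independent guard right after the assignment would make the intent explicit: `if ($tmpFile === '' || basename($tmpFile) !== $tmpFile) { continue; }` (an empty result would otherwise target `$tempDirectory` itself). The same three lines are pasted verbatim into main/inc/ajax/exercise.ajax.php and main/inc/ajax/work.ajax.php; moving the sanitize-and-check into one shared helper would keep the next fix from needing three identical commits. The enclosing `foreach` and its surrounding function start and end outside the hunk.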

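--- a/main/inc/ajax/exercise.ajax.php
+++ b/main/inc/ajax/exercise.ajax.php
@@ -1180,9 +1180,12 @@ function (array $exercise) {
 }
 if (!empty($fileList)) {
 foreach ($fileList as $n => $file) {
-$tmpFile = $tempDirectory.$file['name'];
+$tmpFile = disable_dangerous_file(
+api_replace_dangerous_char($file['name'])
+);
+
 file_put_contents(
-$tmpFile,
+$tempDirectory.$tmpFile,
 fopen($file['tmp_name'], 'r'),
 FILE_APPEND
 );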

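--- a/main/inc/ajax/work.ajax.php
+++ b/main/inc/ajax/work.ajax.php
@@ -76,9 +76,12 @@
 }
 if (!empty($fileList)) {
 foreach ($fileList as $n => $file) {
-$tmpFile = $tempDirectory.$file['name'];
+$tmpFile = disable_dangerous_file(
+api_replace_dangerous_char($file['name'])
+);
+
 file_put_contents(
-$tmpFile,
+$tempDirectory.$tmpFile,
 fopen($file['tmp_name'], 'r'),
 FILE_APPEND
 );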
