From 154947ef83efeb68fc2b921065392b6a7fc9c965 Mon Sep 17 00:00:00 2001
From: joaogmauricio
Date: Sat, 12 Feb 2022 06:04:05 +0100
Subject: [PATCH] apply fix to path traversal vulnerability (#718)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: João Maurício
---
 tinyfilemanager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 4ceb10c..6cca6c1 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -867,7 +867,7 @@ if (!empty($_FILES) && !FM_READONLY) {
 $filename = $f['file']['name'];
 $tmp_name = $f['file']['tmp_name'];
- $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+ $ext = pathinfo($filename, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($filename, PATHINFO_EXTENSION)) : '';
 $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
 if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) {
@@ -880,12 +880,12 @@ if (!empty($_FILES) && !FM_READONLY) {
 $targetPath = $path . $ds;
 if ( is_writable($targetPath) ) {
- $fullPath = $path . '/' . str_replace("./","_",$_REQUEST['fullpath']);
+ $fullPath = $path . '/' . basename($_REQUEST['fullpath']);
 $folder = substr($fullPath, 0, strrpos($fullPath, "/"));
 if(file_exists ($fullPath) && !$override_file_name) {
 $ext_1 = $ext ? '.'.$ext : '';
- $fullPath = str_replace($ext_1, '', $fullPath) .'_'. date('ymdHis'). $ext_1;
+ $fullPath = $path . '/' . basename($_REQUEST['fullpath'], $ext_1) .'_'. date('ymdHis'). $ext_1;
 }
 if (!is_dir($folder)) {
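Review bot: The new `$ext` line gives no reason why a file whose `PATHINFO_FILENAME` is empty is treated as having no extension, and it compares with loose `!=` while calling `pathinfo()` twice on the same name. Suggest evaluating `pathinfo()` once, comparing strictly, and stating the intent in a comment: `$info = pathinfo($filename);` / `// a dotfile such as ".htaccess" has an empty stem, so its only segment is not taken as an allow-listed extension` / `$ext = ($info['filename'] ?? '') !== '' ? strtolower($info['extension'] ?? '') : '';`. The resulting empty `$ext` then feeds `in_array($ext, $allowed)` on the next line, which is a loose comparison, so such a file is accepted only when `$allowed` is false or contains `''` — that appears to be the intended outcome, but it is worth confirming and documenting next to the allow-list check. The enclosing upload block starts before this hunk.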
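Review bot: `basename()` on the new `$fullPath` line returns `.` and `..` unchanged, so a `fullpath` of `..` still makes `$fullPath` name the parent directory rather than a file, and the `fm_isvalid_filename` guard earlier in this block runs only when both `$filename` and `fullpath` are invalid (they are joined with `&&`), so `fullpath` alone is not validated there. Suggest binding the result and rejecting degenerate names before the path is built: `$name = basename($_REQUEST['fullpath']);` / `if ($name === '' || $name === '.' || $name === '..') { /* reject as an invalid file name, as the guard above does */ }` / `$fullPath = $path . '/' . $name;`. Because directory components are now dropped, `$folder` computed on the following line is always `$path`, so the `is_dir($folder)` branch at the end of the hunk no longer creates subfolders; a one-line comment saying that uploads into subdirectories named by `fullpath` are intentionally no longer supported would spare the next reader that puzzle. The `$ext_1` suffix handed to the second `basename()` is derived from `$filename`, not from `fullpath`, so when the two names differ the suffix is not stripped before the timestamp is appended — this predates the change, but the rewritten line is the place to note it. The enclosing `if ( is_writable(...) )` block continues past the hunk.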