deblan-mirror/tinyfilemanager
deblan-mirror/tinyfilemanager
1
0
Fork 0
mirror of https://github.com/prasathmani/tinyfilemanager synced 2024-05-20 22:46:35 +02:00
Code Issues Projects Releases Wiki Activity

apply fix to path traversal vulnerability

Browse source
This commit is contained in:
João Maurício 2022-02-11 18:40:38 +01:00
parent bc9096fad3
commit fa23c34b8d
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
tinyfilemanager.php
View file

@ -867,7 +867,7 @@ if (!empty($_FILES) && !FM_READONLY) {
$filename = $f['file']['name'];
$tmp_name = $f['file']['tmp_name'];
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
$ext = pathinfo($filename, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($filename, PATHINFO_EXTENSION)) : '';
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) {
@ -880,12 +880,12 @@ if (!empty($_FILES) && !FM_READONLY) {
$targetPath = $path . $ds;
if ( is_writable($targetPath) ) {
$fullPath = $path . '/' . str_replace("./","_",$_REQUEST['fullpath']);
$fullPath = $path . '/' . basename($_REQUEST['fullpath']);
$folder = substr($fullPath, 0, strrpos($fullPath, "/"));
if(file_exists ($fullPath) && !$override_file_name) {
$ext_1 = $ext ? '.'.$ext : '';
$fullPath = str_replace($ext_1, '', $fullPath) .'_'. date('ymdHis'). $ext_1;
$fullPath = $path . '/' . basename($_REQUEST['fullpath'], $ext_1) .'_'. date('ymdHis'). $ext_1;
}
if (!is_dir($folder)) {