apply fix to path traversal vulnerability (#718)

Co-authored-by: João Maurício <joao.goncalves.mauricio@pwc.com>
joaogmauricio 2022-02-12 06:04:05 +01:00 committed by GitHub
parent bc9096fad3
commit 154947ef83


@ -867,7 +867,7 @@ if (!empty($_FILES) && !FM_READONLY) {
$filename = $f['file']['name'];
$tmp_name = $f['file']['tmp_name'];
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
$ext = pathinfo($filename, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($filename, PATHINFO_EXTENSION)) : '';
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) {
@ -880,12 +880,12 @@ if (!empty($_FILES) && !FM_READONLY) {
$targetPath = $path . $ds;
if ( is_writable($targetPath) ) {
$fullPath = $path . '/' . str_replace("./","_",$_REQUEST['fullpath']);
$fullPath = $path . '/' . basename($_REQUEST['fullpath']);
$folder = substr($fullPath, 0, strrpos($fullPath, "/"));
if(file_exists ($fullPath) && !$override_file_name) {
$ext_1 = $ext ? '.'.$ext : '';
$fullPath = str_replace($ext_1, '', $fullPath) .'_'. date('ymdHis'). $ext_1;
$fullPath = $path . '/' . basename($_REQUEST['fullpath'], $ext_1) .'_'. date('ymdHis'). $ext_1;
}
if (!is_dir($folder)) {
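Review bot: The name written to disk by the new line `$fullPath = $path . '/' . basename($_REQUEST['fullpath']);` is still never checked against `$allowed`, because `$ext` and `$isFileAllowed` (the two lines after `$tmp_name` in the first hunk) are derived from `$filename`, i.e. the client-supplied `$f['file']['name']`, not from `basename($_REQUEST['fullpath'])`; `basename()` removes the directory component but leaves this mismatch in place. Presumably `$isFileAllowed` gates the move somewhere outside the hunk, so computing the extension from the stored name closes the gap: `$storedName = basename($_REQUEST['fullpath'] ?? $filename);` then `$ext = pathinfo($storedName, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($storedName, PATHINFO_EXTENSION)) : '';` and `$fullPath = $path . '/' . $storedName;` (the `??` also avoids `basename(null)`, deprecated since PHP 8.1, when `fullpath` is absent; the collision rename in the second hunk should use the same `$storedName`). Separately, the guard `if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath']))` rejects only when both names fail validation, so an invalid `fullpath` paired with a valid `$filename` passes; `||` looks to be what was intended. The enclosing `if (!empty($_FILES) && !FM_READONLY)` starts before the first hunk and the `if (!is_dir($folder))` block opened on the last line continues outside it.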