mirror of
https://github.com/prasathmani/tinyfilemanager
synced 2024-05-04 06:43:18 +02:00
apply fix to path traversal vulnerability (#718)
Co-authored-by: João Maurício <joao.goncalves.mauricio@pwc.com>
parent
bc9096fad3
commit
154947ef83
|
@ -867,7 +867,7 @@ if (!empty($_FILES) && !FM_READONLY) {
|
|||
|
||||
$filename = $f['file']['name'];
|
||||
$tmp_name = $f['file']['tmp_name'];
|
||||
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
||||
$ext = pathinfo($filename, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($filename, PATHINFO_EXTENSION)) : '';
|
||||
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
|
||||
|
||||
if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) {
|
||||
|
@ -880,12 +880,12 @@ if (!empty($_FILES) && !FM_READONLY) {
|
|||
|
||||
$targetPath = $path . $ds;
|
||||
if ( is_writable($targetPath) ) {
|
||||
$fullPath = $path . '/' . str_replace("./","_",$_REQUEST['fullpath']);
|
||||
$fullPath = $path . '/' . basename($_REQUEST['fullpath']);
|
||||
$folder = substr($fullPath, 0, strrpos($fullPath, "/"));
|
||||
|
||||
if(file_exists ($fullPath) && !$override_file_name) {
|
||||
$ext_1 = $ext ? '.'.$ext : '';
|
||||
$fullPath = str_replace($ext_1, '', $fullPath) .'_'. date('ymdHis'). $ext_1;
|
||||
$fullPath = $path . '/' . basename($_REQUEST['fullpath'], $ext_1) .'_'. date('ymdHis'). $ext_1;
|
||||
}
|
||||
|
||||
if (!is_dir($folder)) {
|
||||
|
|
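Review bot: The allow-list decision and the write path still come from two different request values: `$ext` and `$isFileAllowed` are derived from `$f['file']['name']`, while `$fullPath` is built from `basename($_REQUEST['fullpath'])`, so the extension that was checked need not be the extension of the name that ends up in `$fullPath`. Taking one name and using it for both would close that gap, e.g. `$safeName = basename($_REQUEST['fullpath']);` followed by `$ext = pathinfo($safeName, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($safeName, PATHINFO_EXTENSION)) : '';` and `$fullPath = $path . '/' . $safeName;`. The unchanged guard `if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath']))` joins the two checks with `&&`, so it presumably fires only when both names are invalid; `||` looks like the intent. The upload block starts and ends outside these hunks, so how `$fullPath` and `$isFileAllowed` are consumed should be confirmed there.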