From 2d535ad6123bacdd79a78816ccb4b4ae050b2158 Mon Sep 17 00:00:00 2001 From: Diego Najar Date: Sun, 10 Mar 2019 18:28:29 +0100 Subject: [PATCH] check extension and path traversal --- bl-kernel/ajax/upload-profile-picture.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bl-kernel/ajax/upload-profile-picture.php b/bl-kernel/ajax/upload-profile-picture.php index 8ea2bb8a..63bf6f21 100644 --- a/bl-kernel/ajax/upload-profile-picture.php +++ b/bl-kernel/ajax/upload-profile-picture.php @@ -31,7 +31,7 @@ $tmpFilename = $username.'.'.$fileExtension; $filename = $username.'.png'; // Check path traversal -if (Text::stringContains($username, '/', false)) { +if (Text::stringContains($username, DS, false)) { $message = 'Path traversal detected.'; Log::set($message, LOG_TYPE_ERROR); ajaxResponse(1, $message);
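Review bot: The changed condition `Text::stringContains($username, DS, false)` tests for only one separator character, so if `DS` is the platform directory separator (its definition is not visible in this hunk), a Windows host would no longer reject `/` in `$username`, even though Windows file APIs accept both `/` and `\`. Because `$username` is concatenated into `$tmpFilename` and `$filename` in the context lines just above, the guard should reject both characters on every platform: `if (Text::stringContains($username, '/', false) || Text::stringContains($username, '\\', false)) {`. A stricter option is to accept only a fixed character set for `$username` before any filename is built from it. The `if` block closes outside the hunk, so this assumes `ajaxResponse()` terminates the request before the filenames are used.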