r31k
/
bludit
2
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Bug fix for #1079

This commit is contained in:
Diego Najar 2019-09-05 23:10:39 +02:00
parent 72b6908899
commit 7092697112
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
bl-kernel/ajax/upload-images.php
View File

@ -38,11 +38,22 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
// Convert URL characters such as spaces or quotes to characters // Convert URL characters such as spaces or quotes to characters
$filename = urldecode($filename); $filename = urldecode($filename);
// Check path traversal
if (Text::stringContains($filename, DS, false)) {
$message = 'Path traversal detected.';
Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message);
}
// Move from PHP tmp file to Bludit tmp directory // Move from PHP tmp file to Bludit tmp directory
Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP.$filename); Filesystem::mv($_FILES['images']['tmp_name'][$uuid], PATH_TMP.$filename);
// Transform the image and generate the thumbnail // Transform the image and generate the thumbnail
$image = transformImage(PATH_TMP.$filename, $imageDirectory, $thumbnailDirectory); $image = transformImage(PATH_TMP.$filename, $imageDirectory, $thumbnailDirectory);
// Delete temporary file
Filesystem::rmfile(PATH_TMP.$filename);
if ($image) { if ($image) {
$filename = Filesystem::filename($image); $filename = Filesystem::filename($image);
array_push($images, $filename); array_push($images, $filename);