r31k
/
bludit
2
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Bug fix for #1081

This commit is contained in:
Diego Najar 2019-09-08 10:45:56 +02:00
parent 3dd31b9d11
commit a9640ff6b5
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
bl-kernel/ajax/upload-images.php
View File

@ -14,6 +14,15 @@ header('Content-Type: application/json');
$uuid = empty($_POST['uuid']) ? false : $_POST['uuid'];
// ----------------------------------------------------------------------------
// Check path traversal on $uuid
if ($uuid) {
if (Text::stringContains($uuid, DS, false)) {
$message = 'Path traversal detected.';
Log::set($message, LOG_TYPE_ERROR);
ajaxResponse(1, $message);
}
}
// Set upload directory
if ($uuid && IMAGE_RESTRICT) {
$imageDirectory = PATH_UPLOADS_PAGES.$uuid.DS;
@ -38,7 +47,7 @@ foreach ($_FILES['images']['name'] as $uuid=>$filename) {
// Convert URL characters such as spaces or quotes to characters
$filename = urldecode($filename);
// Check path traversal
// Check path traversal on $filename
if (Text::stringContains($filename, DS, false)) {
$message = 'Path traversal detected.';
Log::set($message, LOG_TYPE_ERROR);