Fixed issue: Security problems with uploaded files in administration

LimeSurvey · Mar 8, 2013 · 09b70a1 · 09b70a1
1 parent dbad629
commit 09b70a1
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/application/controllers/admin/question.php b/application/controllers/admin/question.php
@@ -48,8 +48,7 @@ public function import()
         if ($action == 'importquestion')
         {
             $sFullFilepath = Yii::app()->getConfig('tempdir') . DIRECTORY_SEPARATOR . randomChars(20);
-            $aPathInfo = pathinfo($sFullFilepath);
-            $sExtension = $aPathInfo['extension'];
+            $sExtension = pathinfo($_FILES['the_file']['name'], PATHINFO_EXTENSION);
 
             if (!@move_uploaded_file($_FILES['the_file']['tmp_name'], $sFullFilepath))
                 $fatalerror = sprintf($clang->gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."), Yii::app()->getConfig('tempdir'));