[security] fixed issue #13959: RCE via resource file upload as authen…

…ticated user
LimeSurvey · Aug 15, 2018 · c54997c · c54997c
1 parent 47d8381
commit c54997c
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/application/third_party/pclzip/pclzip.lib.php b/application/third_party/pclzip/pclzip.lib.php
@@ -3669,6 +3669,9 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path,
       }
     }
 
+    // Added by LS Team to check for invalid paths
+    $p_entry['filename'] = get_absolute_path($p_entry['filename']);    
+
     // ----- Add the path
     if ($p_path != '') {
       $p_entry['filename'] = $p_path."/".$p_entry['filename'];