Fixed issue: Security problems with uploaded files in administration

LimeSurvey · Mar 7, 2013 · ff144cc · ff144cc
1 parent a606982
commit ff144cc
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 7 deletions.
diff --git a/application/controllers/admin/dataentry.php b/application/controllers/admin/dataentry.php
@@ -296,7 +296,7 @@ private function _readFile($filePath)
     private function _moveUploadedFile($aData)
     {
         $clang = $this->getController()->lang;
-        $the_full_file_path = Yii::app()->getConfig('tempdir') . "/" . $_FILES['the_file']['name'];
+        $the_full_file_path = Yii::app()->getConfig('tempdir') . "/" . randomChars(20);
 
         $move_uploaded_file_result = @move_uploaded_file($_FILES['the_file']['tmp_name'], $the_full_file_path);
 

diff --git a/application/controllers/admin/labels.php b/application/controllers/admin/labels.php
@@ -125,7 +125,7 @@ public function import()
         {
             Yii::app()->loadHelper('admin/import');
 
-            $sFullFilepath = Yii::app()->getConfig('tempdir') . DIRECTORY_SEPARATOR . $_FILES['the_file']['name'];
+            $sFullFilepath = Yii::app()->getConfig('tempdir') . DIRECTORY_SEPARATOR . randomChars(20);
             $aPathInfo = pathinfo($sFullFilepath);
             $sExtension = !empty($aPathInfo['extension']) ? $aPathInfo['extension'] : '';
 

diff --git a/application/controllers/admin/question.php b/application/controllers/admin/question.php
@@ -47,7 +47,7 @@ public function import()
 
         if ($action == 'importquestion')
         {
-            $sFullFilepath = Yii::app()->getConfig('tempdir') . DIRECTORY_SEPARATOR . $_FILES['the_file']['name'];
+            $sFullFilepath = Yii::app()->getConfig('tempdir') . DIRECTORY_SEPARATOR . randomChars(20);
             $aPathInfo = pathinfo($sFullFilepath);
             $sExtension = $aPathInfo['extension'];
 

diff --git a/application/controllers/admin/questiongroup.php b/application/controllers/admin/questiongroup.php
@@ -46,7 +46,7 @@ function import()
             $importgroup = "\n";
             $importgroup .= "\n";
 
-            $sFullFilepath = Yii::app()->getConfig('tempdir') . DIRECTORY_SEPARATOR . $_FILES['the_file']['name'];
+            $sFullFilepath = Yii::app()->getConfig('tempdir') . DIRECTORY_SEPARATOR . randomChars(20);
             $aPathInfo = pathinfo($sFullFilepath);
             $sExtension = $aPathInfo['extension'];
 

diff --git a/application/controllers/admin/surveyadmin.php b/application/controllers/admin/surveyadmin.php
@@ -885,7 +885,7 @@ public function copy()
             if ($action == 'importsurvey')
             {
 
-                $the_full_file_path = Yii::app()->getConfig('tempdir') . DIRECTORY_SEPARATOR . randomChars(20).'_'.$_FILES['the_file']['name'];
+                $the_full_file_path = Yii::app()->getConfig('tempdir') . DIRECTORY_SEPARATOR . randomChars(20);
                 if (!@move_uploaded_file($_FILES['the_file']['tmp_name'], $the_full_file_path))
                 {
                     $aData['sErrorMessage'] = sprintf($clang->gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."), Yii::app()->getConfig('tempdir'));

diff --git a/application/controllers/admin/tokens.php b/application/controllers/admin/tokens.php
@@ -1830,9 +1830,8 @@ function import($iSurveyId)
             $firstline = array();
 
             $sPath = Yii::app()->getConfig('tempdir');
-            $sFileName = $_FILES['the_file']['name'];
             $sFileTmpName = $_FILES['the_file']['tmp_name'];
-            $sFilePath = $sPath . '/' . $sFileName;
+            $sFilePath = $sPath . '/' . randomChars(20);
 
             if (!@move_uploaded_file($sFileTmpName, $sFilePath))
             {