From fcf6c1f0b4c012edabd8cef767ebe8bb376f1502 Mon Sep 17 00:00:00 2001
From: cdujeu <charles@ajaxplorer.info>
Date: Thu, 12 Mar 2015 14:58:42 +0100
Subject: [PATCH] If a client is posting bad parameters, it can end up copying
 a file into itself.

---
 core/src/plugins/access.fs/class.fsAccessDriver.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/src/plugins/access.fs/class.fsAccessDriver.php b/core/src/plugins/access.fs/class.fsAccessDriver.php
index adfd04228d..c23891427b 100644
--- a/core/src/plugins/access.fs/class.fsAccessDriver.php
+++ b/core/src/plugins/access.fs/class.fsAccessDriver.php
@@ -1292,6 +1292,9 @@ protected function copyUploadedData($uploadData, $destination, $filename, $messa
     protected function appendUploadedData($folder, $source, $target){
 
         $already_existed = false;
+        if($source == $target){
+            throw new Exception("Something nasty happened: trying to copy $source into itself, it will create a loop!");
+        }
         if (file_exists($folder ."/" . $target)) {
             $already_existed = true;
             $this->logDebug("Should copy stream from $source to $target");