Permalink
Browse files

Security hole patched

User can set any filename in any folder and put any content inside.
  • Loading branch information...
SimZal committed Aug 11, 2015
1 parent 56e49d1 commit 1d38cb46c51bca6a743af792bbaa20623a43e655
Showing with 1 addition and 1 deletion.
  1. +1 −1 upload.php
View
@@ -10,7 +10,7 @@
$decodedData = base64_decode($data);
// print out the raw data,
//echo ($decodedData);
$filename = urldecode($_POST['fname']);
$filename = 'audio_recording_' . date( 'Y-m-d-H-i-s' ) .'.mp3';
// write the data out to the file
$fp = fopen('recordings/'.$filename, 'wb');
fwrite($fp, $decodedData);

0 comments on commit 1d38cb4

Please sign in to comment.