In the media_upload_xhr() function there is no check whether $id is a safe filename. For example, if you enter "../../../conf/local.php" as the id in the upload form, the configuration file is first replaced by the uploaded file and then deleted. This happens before any security check apart from the security token is done.
There can also be more problems, like characters that aren't allowed in a filename, so my recommendation is to simply use the md5 sum of the id as the filename.
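The unsafe pattern the report describes, next to one way of validating the id before anything touches the filesystem. This is an added example for this issue page, not the reporter's text and not DokuWiki's own code; the colon-separated id format, the character whitelist and the function names are assumptions.

```php
<?php
// Added example, not DokuWiki's own code. Derives the on-disk path for an
// uploaded media file from an untrusted id and rejects traversal before any
// filesystem operation. Assumptions (not taken from the project): ids are
// colon-separated namespace paths such as "wiki:images:logo.png", and each
// component may only contain lowercase ASCII letters, digits, '.', '_' and '-'.

function mediaPathFromId(string $mediaDir, string $id): string
{
    $parts = explode(':', $id);
    foreach ($parts as $part) {
        // Empty, "." and ".." components would let the path leave $mediaDir
        // or point at a directory. They must be rejected explicitly, because
        // the character whitelist below would otherwise accept "..".
        if ($part === '' || $part === '.' || $part === '..') {
            throw new InvalidArgumentException("invalid path component in id");
        }
        // Whitelist of allowed bytes. This also rejects '/', '\\' and NUL,
        // so a single component can never introduce a directory separator.
        if (!preg_match('/\A[a-z0-9._-]+\z/', $part)) {
            throw new InvalidArgumentException("forbidden characters in id");
        }
    }
    // Only after every component passed is a path built; the result is
    // guaranteed to stay below $mediaDir because no separator survived.
    return rtrim($mediaDir, '/') . '/' . implode('/', $parts);
}

// The unsafe pattern the report describes: the id is joined onto the media
// directory as-is, so "../../../conf/local.php" resolves to the config file
// and is written to (and later unlinked) before any other check runs.
function unsafeMediaPathFromId(string $mediaDir, string $id): string
{
    return rtrim($mediaDir, '/') . '/' . $id;
}

// Constructed inputs (not from a live system), including the report's payload.
$mediaDir = '/var/www/dokuwiki/data/media';
foreach (['wiki:images:logo.png', '../../../conf/local.php', "logo\0.php"] as $id) {
    printf("unsafe : %s\n", unsafeMediaPathFromId($mediaDir, $id));
    try {
        printf("checked: %s\n", mediaPathFromId($mediaDir, $id));
    } catch (InvalidArgumentException $e) {
        printf("checked: rejected (%s)\n", $e->getMessage());
    }
}
```

The first id yields the same path from both functions; the traversal payload and the NUL-byte id are accepted by the unsafe join and rejected by the whitelist before any file is opened. Hashing the id, as the reporter suggests, avoids the filesystem-character problem altogether at the cost of losing a human-readable layout on disk; whichever approach is taken, the essential property is that no path derived from $id reaches the filesystem before it has been validated.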