Skip to content

Commit

Permalink
Security: Sanitize file name when uploading chunks with bigUpload (2)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ywarnier
ywarnier committed Sep 21, 2023
1 parent 46247d0 commit f3d62b6
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 6 deletions.
7 changes: 5 additions & 2 deletions main/inc/ajax/dropbox.ajax.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,12 @@
}
if (!empty($fileList)) {
foreach ($fileList as $n => $file) {
$tmpFile = $tempDirectory.$file['name'];
$tmpFile = disable_dangerous_file(
api_replace_dangerous_char($file['name'])
);

file_put_contents(
$tmpFile,
$tempDirectory.$tmpFile,
fopen($file['tmp_name'], 'r'),
FILE_APPEND
);
Expand Down
7 changes: 5 additions & 2 deletions main/inc/ajax/exercise.ajax.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1180,9 +1180,12 @@ function (array $exercise) {
}
if (!empty($fileList)) {
foreach ($fileList as $n => $file) {
$tmpFile = $tempDirectory.$file['name'];
$tmpFile = disable_dangerous_file(
api_replace_dangerous_char($file['name'])
);

file_put_contents(
$tmpFile,
$tempDirectory.$tmpFile,
fopen($file['tmp_name'], 'r'),
FILE_APPEND
);
Expand Down
7 changes: 5 additions & 2 deletions main/inc/ajax/work.ajax.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,12 @@
}
if (!empty($fileList)) {
foreach ($fileList as $n => $file) {
$tmpFile = $tempDirectory.$file['name'];
$tmpFile = disable_dangerous_file(
api_replace_dangerous_char($file['name'])
);

file_put_contents(
$tmpFile,
$tempDirectory.$tmpFile,
fopen($file['tmp_name'], 'r'),
FILE_APPEND
);
Expand Down

1 comment on commit f3d62b6

@KrSi78
Copy link

@KrSi78 KrSi78 commented on f3d62b6 Nov 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only a partial fix. The same patch has to be applied when the file upload is done, otherwise an error is raised.
For dropbox.ajax.php look around line 82, for exercise.ajax.php around line 1222, for work.ajax.php around line 123.

Please sign in to comment.