
Commit 487afc3

Change the fax file name to md5 to avoid characters that present a security risk.
1 parent 57b7bf0 commit 487afc3


1 file changed

+4
-22
lines changed


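--- a/app/fax/fax_send.php
+++ b/app/fax/fax_send.php
@@ -351,28 +351,10 @@ function fax_split_dtmf(&$fax_number, &$fax_dtmf){
 $disallowed_file_extensions = explode(',','sh,ssh,so,dll,exe,bat,vbs,zip,rar,z,tar,tbz,tgz,gz');
 if (in_array($fax_file_extension, $disallowed_file_extensions) || $fax_file_extension == '') { continue; }
 
-$fax_name = $_files['name'][$index];
-$fax_name = preg_replace('/\\.[^.\\s]{3,4}$/', '', $fax_name);
-$fax_name = str_replace(" ", "_", $fax_name);
-
-//lua doesn't seem to like special chars with env:GetHeader
-$fax_name = str_replace(";", "_", $fax_name);
-$fax_name = str_replace(",", "_", $fax_name);
-$fax_name = str_replace("'", "_", $fax_name);
-$fax_name = str_replace("!", "_", $fax_name);
-$fax_name = str_replace("@", "_", $fax_name);
-$fax_name = str_replace("#", "_", $fax_name);
-$fax_name = str_replace("$", "_", $fax_name);
-$fax_name = str_replace("%", "_", $fax_name);
-$fax_name = str_replace("^", "_", $fax_name);
-$fax_name = str_replace("`", "_", $fax_name);
-$fax_name = str_replace("~", "_", $fax_name);
-$fax_name = str_replace("&", "_", $fax_name);
-$fax_name = str_replace("(", "_", $fax_name);
-$fax_name = str_replace(")", "_", $fax_name);
-$fax_name = str_replace("+", "_", $fax_name);
-$fax_name = str_replace("=", "_", $fax_name);
+//use a safe file name
+$fax_name = md5($_files['name'][$index]);
 
+//rename the file
 $attachment_file_name = $_files['name'][$index];
 if ($attachment_file_name != $fax_name.'.'.$fax_file_extension) {
 rename($dir_fax_temp.'/'.$attachment_file_name, $dir_fax_temp.'/'.$fax_name.'.'.$fax_file_extension);
@@ -382,7 +364,7 @@ function fax_split_dtmf(&$fax_number, &$fax_dtmf){
 if (!$included) {
 //check if directory exists
 if (!is_dir($dir_fax_temp)) {
-event_socket_mkdir($dir_fax_temp);
+mkdir($dir_fax_temp, 0770);
 }
 //move uploaded file
 move_uploaded_file($_files['tmp_name'][$index], $dir_fax_temp.'/'.$fax_name.'.'.$fax_file_extension);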
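Review bot: Hashing the base name removes the special-character problem, but the extension appended at new lines 360 and 370 still comes from the upload and is filtered only by the deny-list at line 351, which does not cover server-side executable extensions such as `php`; if `$dir_fax_temp` is ever served by the web server, an allow-list of the formats the fax path actually processes (for example `if (!in_array($fax_file_extension, array('pdf', 'tif', 'tiff'))) { continue; }`) is the safer check. Where `$fax_file_extension` is derived is outside the hunk, so this assumes it is taken unchanged from the client-supplied name. The `rename()` source on line 360 still uses the raw `$_files['name'][$index]`, so `basename()` there would keep it consistent with the hardened destination, assuming `$_files` is not already normalized upstream. In the second hunk `mkdir($dir_fax_temp, 0770)` is unchecked, so a failed directory creation falls through to `move_uploaded_file` and only surfaces there; `if (!is_dir($dir_fax_temp) && !mkdir($dir_fax_temp, 0770, true)) { continue; }` (or whatever error path the caller expects) makes the failure explicit. The enclosing block starts and ends outside both hunks.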
