SECURITY: Prevent ability to specify temporary filename.
mrubinsk committed Mar 8, 2020
1 parent ef12c86 commit 35d382c
Showing 1 changed file with 5 additions and 6 deletions.
11 changes: 5 additions & 6 deletions lib/Horde/Form/Type.php
@@ -1200,12 +1200,11 @@ function _getUpload(&$vars, &$var)
if (!empty($upload['hash'])) {
$upload['img'] = $session->get('horde', 'form/' . $upload['hash']);
$session->remove('horde', 'form/' . $upload['hash']);
}

/* Get the temp file if already one uploaded, otherwise create a
* new temporary file. */
if (!empty($upload['img']['file'])) {
$tmp_file = Horde::getTempDir() . '/' . basename($upload['img']['file']);
if (!empty($upload['img']['file'])) {
$tmp_file = Horde::getTempDir() . '/' . basename($upload['img']['file']);
} else {
$tmp_file = Horde::getTempFile('Horde', false);
}
} else {
$tmp_file = Horde::getTempFile('Horde', false);
}
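Review bot: In the new outer `else` branch (no `$upload['hash']`), `$upload['img']` keeps whatever value it had before this block; only `$tmp_file` stops depending on it. Where `$upload` is populated is outside the hunk, but given the commit title it is presumably the submitted form data, so any later read of `$upload['img']` in `_getUpload` would still see request-controlled content. If that is the case, clear it in that branch with `unset($upload['img']);` before `$tmp_file = Horde::getTempFile('Horde', false);`. The change also drops the comment that explained this block; a replacement above the inner `if`, such as `/* Reuse a temp file name only when it was loaded from the session, never from the request. */`, would record why the nesting matters.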
