Skip to content
Permalink
Browse files

SECURITY: prevent directory traversal vulnerability.

  • Loading branch information
mrubinsk committed Jan 4, 2019
1 parent 4ad07d7 commit f5fc41e9d3f1a7bc9371dda5d39ea7629b0030f3
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/Horde/Form/Type.php
@@ -1205,7 +1205,7 @@ function _getUpload(&$vars, &$var)
/* Get the temp file if already one uploaded, otherwise create a
* new temporary file. */
if (!empty($upload['img']['file'])) {
$tmp_file = Horde::getTempDir() . '/' . $upload['img']['file'];
$tmp_file = Horde::getTempDir() . '/' . basename($upload['img']['file']);
} else {
$tmp_file = Horde::getTempFile('Horde', false);
}

0 comments on commit f5fc41e

Please sign in to comment.
You can’t perform that action at this time.