SECURITY: prevent directory traversal vulnerability.

mrubinsk · mrubinsk · commit f5fc41e9d3f1 · 2019-01-03T19:22:56.000-05:00
diff --git a/lib/Horde/Form/Type.php b/lib/Horde/Form/Type.php
@@ -1205,7 +1205,7 @@ function _getUpload(&$vars, &$var)
             /* Get the temp file if already one uploaded, otherwise create a
              * new temporary file. */
             if (!empty($upload['img']['file'])) {
-                $tmp_file = Horde::getTempDir() . '/' . $upload['img']['file'];
+                $tmp_file = Horde::getTempDir() . '/' . basename($upload['img']['file']);
             } else {
                 $tmp_file = Horde::getTempFile('Horde', false);
             }

Original file line number	Diff line number	Diff line change
`@@ -1205,7 +1205,7 @@ function _getUpload(&$vars, &$var)`
`1205`	`1205`	`/* Get the temp file if already one uploaded, otherwise create a`
`1206`	`1206`	`* new temporary file. */`
`1207`	`1207`	`if (!empty($upload['img']['file'])) {`
`1208`		`- $tmp_file = Horde::getTempDir() . '/' . $upload['img']['file'];`
	`1208`	`+ $tmp_file = Horde::getTempDir() . '/' . basename($upload['img']['file']);`
`1209`	`1209`	`} else {`
`1210`	`1210`	`$tmp_file = Horde::getTempFile('Horde', false);`
`1211`	`1211`	`}`