Decode file names before restricting extensions
lux committed Aug 20, 2018
1 parent d4cfbab commit afb3346
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions apps/filemanager/handlers/upload/drop.php
Expand Up @@ -37,14 +37,14 @@
return;
}

// some browsers may urlencode the file name
$_FILES['file']['name'] = urldecode ($_FILES['file']['name']);

if (preg_match ('/\.(php5?|phtml|js|rb|py|pl|sh|bash|exe)$/i', $_FILES['file']['name'])) {
echo json_encode (array ('success' => false, 'error' => __ ('Cannot upload executable files due to security.')));
return;
}

// some browsers may urlencode the file name
$_FILES['file']['name'] = urldecode ($_FILES['file']['name']);

if (@file_exists ($root . $_POST['path'] . '/' . $_FILES['file']['name'])) {
echo json_encode (array ('success' => false, 'error' => __ ('A file by that name already exists.')));
return;
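Review bot: Moving the `urldecode` ahead of the `preg_match` check (the copy that sits before it, which the commit title indicates is the new placement) fixes the ordering but leaves the decoded name flowing unchanged into the path built on the `file_exists` line, `$root . $_POST['path'] . '/' . $_FILES['file']['name']`, so a decoded name containing directory separators or `..`, or an unvalidated `$_POST['path']`, could presumably still place the file outside the intended upload directory. Reduce the name to its last path component at the point of decoding, `$_FILES['file']['name'] = basename (urldecode ($_FILES['file']['name']));`, and reject any `$_POST['path']` that does not resolve (for example via `realpath`) to a location under `$root`. The extension check is a denylist, which is inherently incomplete as new executable types appear; an allowlist of the file types this file manager actually needs to accept is the safer default. Its `$` anchor should also become `\z` (or the pattern should carry the `D` modifier), since `$` also matches before a trailing newline. The enclosing handler starts and ends outside the hunk, so how the path is consumed afterwards is not visible here.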

1 comment on commit afb3346

@fgeek

@fgeek fgeek commented on afb3346 Sep 9, 2018


CVE-2018-15601 has been assigned for this issue.
