This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Don't leave files which fail the upload check in the tmp company logo directory.
b1b3fd6
Alternate fix for #251. As mentioned in the PR we also want to add whitelisting rather than blacklisting.
b1b3fd6
Do note, this fix could lead to the file being there for a short period of time, leading to a race condition wherein the attacker simply has to beat the unlink to the punch and spawn a reverse shell/drop further malicious files/whatever.
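
The window between writing and unlinking that the comment above describes closes if a rejected upload never exists in the served directory, combined with the allow-list mentioned in the first comment. An added sketch, not the project's code and not part of the comment thread: Python stands in for the project's language, and `store_logo`, the allow-list contents and the directory names are assumptions.

```python
import os
import tempfile

# Allow-list assumed for this sketch: extension -> required leading bytes.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".gif": b"GIF8"}


def store_logo(data, client_name, staging_dir, public_dir):
    """Return the published path, or None if the upload is rejected.

    staging_dir is assumed to be outside the web root and on the same
    filesystem as public_dir, so os.replace() is an atomic rename.
    """
    ext = os.path.splitext(client_name)[1].lower()
    magic = ALLOWED.get(ext)
    # Reject before any byte reaches disk: extension not on the allow-list,
    # or content that does not start with that type's signature.
    if magic is None or not data.startswith(magic):
        return None
    # Server-chosen random name; the client-supplied name is never a path.
    fd, staged = tempfile.mkstemp(suffix=ext, dir=staging_dir)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.chmod(staged, 0o644)  # mkstemp creates 0600; make it readable to serve
        final = os.path.join(public_dir, os.path.basename(staged))
        os.replace(staged, final)  # appears in public_dir only after the checks
        return final
    except OSError:
        if os.path.exists(staged):
            os.unlink(staged)  # cleanup happens in staging, not the served dir
        raise


def demo():
    with tempfile.TemporaryDirectory() as root:
        staging, public = os.path.join(root, "staging"), os.path.join(root, "public")
        os.mkdir(staging)
        os.mkdir(public)
        uploads = [  # constructed sample uploads
            ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
            ("shell.php", b"<?php echo 1; ?>"),
            ("fake.png", b"<?php echo 1; ?>"),
        ]
        results = [store_logo(d, n, staging, public) is not None for n, d in uploads]
        return results, os.listdir(public), os.listdir(staging)
```

The signature check only confirms the leading bytes; it is a gate against mislabelled files, not a full image validation.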