Skip to content
Permalink
Browse files Browse the repository at this point in the history
Resolves #2112 Path traversal vulnerability
  • Loading branch information
mgesing committed Oct 13, 2020
1 parent f7ed2a5 commit 5ab1e37
Showing 1 changed file with 5 additions and 0 deletions.
Expand Up @@ -384,6 +384,11 @@ public ActionResult ProfileListDetails(int profileId)
[Permission(Permissions.Configuration.Import.Create)]
public ActionResult Create(ImportProfileModel model)
{
if (PathHelper.HasInvalidFileNameChars(model.TempFileName))
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "Invalid file name.");
}

var importFile = Path.Combine(FileSystemHelper.TempDirTenant(), model.TempFileName.EmptyNull());

if (System.IO.File.Exists(importFile))
Expand Down

0 comments on commit 5ab1e37

Please sign in to comment.