From d6e4dae373bb847af9e98a3909ea9bec8187529e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Jacquet?=
Date: Sat, 30 Apr 2022 13:05:10 +0200
Subject: [PATCH] Add microseconds to filename format to make it harder to predict
---
 CHANGES.md | 1 +
 modules/Grades/includes/StudentAssignments.fnc.php | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index 76f5a378c..3fae752aa 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -7,6 +7,7 @@ Changes in 8.9.5
 - Fix stored XSS security issue: escape HTML attribute in StudentAssignments.fnc.php, thanks to @dungtuanha
 - Use big random number for parent password generation in NotifyParents.php & CreateParents.php, thanks to @intrapus
 - Fix stored XSS security issue: remove inline JS from URL in PreparePHP_SELF.fnc.php, thanks to @intrapus
+- Add microseconds to filename format to make it harder to predict in StudentAssignments.fnc.php, thanks to @dungtuanha
 Changes in 8.9.4
 ----------------
diff --git a/modules/Grades/includes/StudentAssignments.fnc.php b/modules/Grades/includes/StudentAssignments.fnc.php
index d10d54346..2f26aeae5 100644
--- a/modules/Grades/includes/StudentAssignments.fnc.php
+++ b/modules/Grades/includes/StudentAssignments.fnc.php
@@ -27,6 +27,7 @@
 * @uses FileUpload()
 * @uses SanitizeHTML()
 * @since 2.9
+ * @since 8.9.5 Add microseconds to filename format to make it harder to predict.
 *
 * @param string $assignment_id Assignment ID.
 * @param array $error Global errors array.
@@ -59,7 +60,10 @@ function StudentAssignmentSubmit( $assignment_id, &$error )
 $files = issetVal( $old_data['files'] );
- $timestamp = date( 'Y-m-d H:i:s' );
+ $timestamp = new \DateTime();
+
+ // @since 8.9.5 Add microseconds to filename format to make it harder to predict.
+ $timestamp = $timestamp->format( 'Y-m-d H:i:s.u' );
 $assignments_path = GetAssignmentsFilesPath( $assignment['STAFF_ID'] );
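Review bot: The microsecond suffix added to `$timestamp` in StudentAssignmentSubmit() is still derived from the clock, so for a known upload second the name has at most one million candidates; that is harder to guess, not unguessable. If submitted files can be fetched by URL without an access check (not visible in this hunk), the name should carry CSPRNG output instead, for example `$timestamp = date( 'Y-m-d H:i:s' ) . '_' . bin2hex( random_bytes( 16 ) );`, or downloads should go through an authenticated handler. On PHP older than 7.1, `new \DateTime()` reports `000000` for `u`, so the change would have no effect there; worth confirming against the minimum PHP version the project supports. The function body starts and ends outside the hunk, so how `$timestamp` is used further down should be checked before changing its format.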