apply fix to path traversal vulnerability (#718)
Co-authored-by: João Maurício <joao.goncalves.mauricio@pwc.com>
joaogmauricio and João Maurício committed Feb 12, 2022
1 parent bc9096f commit 154947e
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions tinyfilemanager.php
@@ -867,7 +867,7 @@ function get_file_path () {

$filename = $f['file']['name'];
$tmp_name = $f['file']['tmp_name'];
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
$ext = pathinfo($filename, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($filename, PATHINFO_EXTENSION)) : '';
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;

if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) {
@@ -880,12 +880,12 @@ function get_file_path () {

$targetPath = $path . $ds;
if ( is_writable($targetPath) ) {
$fullPath = $path . '/' . str_replace("./","_",$_REQUEST['fullpath']);
$fullPath = $path . '/' . basename($_REQUEST['fullpath']);
$folder = substr($fullPath, 0, strrpos($fullPath, "/"));

if(file_exists ($fullPath) && !$override_file_name) {
$ext_1 = $ext ? '.'.$ext : '';
$fullPath = str_replace($ext_1, '', $fullPath) .'_'. date('ymdHis'). $ext_1;
$fullPath = $path . '/' . basename($_REQUEST['fullpath'], $ext_1) .'_'. date('ymdHis'). $ext_1;
}

if (!is_dir($folder)) {
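Review bot: The extension that feeds `$isFileAllowed` is still read from `$f['file']['name']`, while the name written to disk now comes from `basename($_REQUEST['fullpath'])`, so the allow-list is evaluated on a different client-supplied value than the one that is stored. Deriving both from a single value would close that gap: set `$name = basename($_REQUEST['fullpath']);` once, compute `$ext = pathinfo($name, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($name, PATHINFO_EXTENSION)) : '';` from it, and reuse `$name` when building `$fullPath`. The unchanged guard `if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath']))` also rejects only when both names are invalid, and `||` looks like the intent. The upload handling continues outside the visible hunks, so how `$isFileAllowed` is enforced should be confirmed there.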
