0ct0pu5/adminerevo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Plugin file-upload generate temp filename no extension + prevent file to be located elsewhere then under upload path

Browse source
This commit is contained in:
Lionel Laffineur 2023-10-17 22:19:17 +02:00
parent fb3d58ce5d
commit 1cc06d6a10
1 changed files with 14 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
plugins/file-upload.php
View file

@ -32,12 +32,22 @@ class AdminerFileUpload {
if (preg_match('~(.*)_path$~', $field["field"], $regs)) {
$table = ($_GET["edit"] != "" ? $_GET["edit"] : $_GET["select"]);
$name = "fields-$field[field]";
if ($_FILES[$name]["error"] || !preg_match("~(\\.($this->extensions))?\$~", $_FILES[$name]["name"], $regs2)) {
if ($_FILES["fields"]["error"][$field["field"]] || !preg_match("~(\\.($this->extensions))?\$~", $_FILES["fields"]["name"][$field["field"]], $regs2)) {
return false;
}
//! unlink old
$filename = uniqid() . $regs2[0];
if (!move_uploaded_file($_FILES[$name]["tmp_name"], "$this->uploadPath$table/$regs[1]-$filename")) {
// create sub-directory if needed
if (file_exists(__DIR__ . '/' . $this->uploadPath . '/' . $table) === false) {
mkdir(__DIR__ . '/' . $this->uploadPath . '/' . $table);
}
// generate filename
$filename = realpath(tempnam(__DIR__ . '/' . $this->uploadPath . '/' . $table, ''));
// prevent the final to be anywhere else then under the upload directory
if (strpos($filename, realpath(__DIR__ . '/' . $this->uploadPath)) !== 0) {
return false;
}
// move file to its final location
if (!move_uploaded_file($_FILES["fields"]["tmp_name"][$field["field"]], $filename)) {
return false;
}
return q($filename);