beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve uploaded file security by adding .htfile prefix to filename

Browse source
This commit is contained in:
Lionel Laffineur 2023-10-18 21:07:02 +02:00
parent 1cc06d6a10
commit fe9e2f3632
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
plugins/file-upload.php
View file

@ -40,7 +40,7 @@ class AdminerFileUpload {
mkdir(__DIR__ . '/' . $this->uploadPath . '/' . $table);
}
// generate filename
$filename = realpath(tempnam(__DIR__ . '/' . $this->uploadPath . '/' . $table, ''));
$filename = realpath(tempnam(__DIR__ . '/' . $this->uploadPath . '/' . $table, '.htfile'));
// prevent the final to be anywhere else then under the upload directory
if (strpos($filename, realpath(__DIR__ . '/' . $this->uploadPath)) !== 0) {