[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fmsystem-commits] [11290] property: correct scrambled file names
|
From: |
Sigurd Nes |
|
Subject: |
[Fmsystem-commits] [11290] property: correct scrambled file names |
|
Date: |
Thu, 12 Sep 2013 12:09:38 +0000 |
Revision: 11290
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=11290
Author: sigurdne
Date: 2013-09-12 12:09:37 +0000 (Thu, 12 Sep 2013)
Log Message:
-----------
property: correct scrambled file names
Modified Paths:
--------------
trunk/property/inc/class.bofiles.inc.php
Modified: trunk/property/inc/class.bofiles.inc.php
===================================================================
--- trunk/property/inc/class.bofiles.inc.php 2013-09-12 11:58:02 UTC (rev
11289)
+++ trunk/property/inc/class.bofiles.inc.php 2013-09-12 12:09:37 UTC (rev
11290)
@@ -158,6 +158,8 @@
foreach ($values['file_action'] as $file_name)
{
+ $file_name = html_entity_decode($file_name);
+
$file = "{$this->fakebase}{$path}{$file_name}";
if($this->vfs->file_exists(array(
@@ -203,10 +205,11 @@
if(!$file)
{
- $file_name =
urldecode(phpgw::get_var('file_name'));
+ $file_name =
html_entity_decode(urldecode(phpgw::get_var('file_name')));
$id = phpgw::get_var('id');
$file =
"{$this->fakebase}/{$type}/{$id}/{$file_name}";
}
+
// prevent path traversal
if ( preg_match('/\.\./', $file) )
{
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Fmsystem-commits] [11290] property: correct scrambled file names,
Sigurd Nes <=