tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed issues uploading files and fix vulnerability

This commit is contained in:
Jose Gonzalez 2021-09-02 13:38:55 +02:00
parent 0c96fd6f71
commit ce2bdc1917
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pandora_console/include/functions_filemanager.php
View File

@ -250,7 +250,7 @@ function create_text_file($default_real_directory)
return;
}
$filename = io_safe_output(get_parameter('name_file'));
$filename = filemanager_safe_directory((string) get_parameter('name_file'));
if (empty($filename) === false) {
$real_directory = filemanager_safe_directory((string) get_parameter('real_directory'));
@ -981,8 +981,8 @@ function filemanager_safe_directory(
$directory = io_safe_output($directory);
$forbiddenAttempting = false;
if ((bool) preg_match('/(\.){1,2}/', $directory) !== false) {
$directory = preg_replace('/(\.){1,2}/', '', (empty($safedDirectory) === true) ? $directory : $safedDirectory);
if ((bool) preg_match('/(\.){2}/', $directory) !== false) {
$directory = preg_replace('/(\.){2}/', '', (empty($safedDirectory) === true) ? $directory : $safedDirectory);
$forbiddenAttempting = true;
}