tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-6170-xss-en-incidents' into 'develop' 

fixed vilnerability with filename incidents

See merge request artica/pandorafms!3399
This commit is contained in:
Daniel Rodriguez 2020-08-11 12:40:22 +02:00
parent 9a28cf9692 41249220df
commit ee61425bbf
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pandora_console/operation/incidents/incident_detail.php
View File

@ -137,11 +137,11 @@ if (isset($_GET['id'])) {
}
// Upload file
if ((check_acl($config['id_user'], $id_grupo, 'IW') == 1) and isset($_GET['upload_file']) and ($_FILES['userfile']['name'] != '')) {
if ((check_acl($config['id_user'], $id_grupo, 'IW') == 1) && isset($_GET['upload_file']) && ($_FILES['userfile']['name'] != '')) {
$description = get_parameter('file_description', __('No description available'));
// Insert into database
$filename = io_safe_input($_FILES['userfile']['name']);
$filename = strip_tags(io_safe_input($_FILES['userfile']['name']), '<br>');
$filesize = io_safe_input($_FILES['userfile']['size']);
// The following is if you have clamavlib installed