lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sec: Refused to upload hidden files

Browse Source
This commit is contained in:
Laurent Destailleur 2008-10-24 00:02:18 +00:00
parent cc3b50c06a
commit 2a52f4df8c
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/lib/functions.lib.php
View File

@ -1659,18 +1659,18 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
}
// Security:
// On interdit les remont<6E>es de repertoire ainsi que les pipes dans
// On interdit fichiers caches, remontees de repertoire ainsi que les pipes dans
// les noms de fichiers.
if (eregi('\.\.',$src_file) || eregi('[<>|]',$src_file))
if (eregi('^\.',$src_file) || eregi('\.\.',$src_file) || eregi('[<>|]',$src_file))
{
dolibarr_syslog("Refused to deliver file ".$src_file);
return -1;
}
// Security:
// On interdit les remont<6E>es de repertoire ainsi que les pipe dans
// On interdit fichiers caches, remontees de repertoire ainsi que les pipe dans
// les noms de fichiers.
if (eregi('\.\.',$dest_file) || eregi('[<>|]',$dest_file))
if (eregi('^\.',$dest_file) || eregi('\.\.',$dest_file) || eregi('[<>|]',$dest_file))
{
dolibarr_syslog("Refused to deliver file ".$dest_file);
return -1;