Fix: clear file name send by php

2012-06-01 07:11:00 +02:00 · 2012-06-01 07:11:00 +02:00 · e9994c683a
commit e9994c683a
parent 6c963fc591
1 changed files with 4 additions and 1 deletions
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@ -495,7 +495,10 @@ function dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1)
 */
 function dol_unescapefile($filename)
 {
-    return stripslashes($filename);
+	// Remove path information and dots around the filename, to prevent uploading
+	// into different directories or replacing hidden system files.
+	// Also remove control characters and spaces (\x00..\x20) around the filename:
+	return trim(basename(stripslashes($filename)), ".\x00..\x20");
 }

 /**