From e9994c683ae142ab7a377fb0e8515af327e0250d Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Fri, 1 Jun 2012 07:11:00 +0200
Subject: [PATCH] Fix: clear file name send by php
---
 htdocs/core/lib/files.lib.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 126824784c8..9a9eaf382d7 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -495,7 +495,10 @@ function dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1)
 */
 function dol_unescapefile($filename)
 {
- return stripslashes($filename);
+ // Remove path information and dots around the filename, to prevent uploading
+ // into different directories or replacing hidden system files.
+ // Also remove control characters and spaces (\x00..\x20) around the filename:
+ return trim(basename(stripslashes($filename)), ".\x00..\x20");
 }
 /**
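Review bot: The new `trim()` in `dol_unescapefile()` cleans only the two ends of the name, so a control byte (including `\x00`) in the middle of the filename still passes through to whatever builds the destination path. Removing those bytes everywhere before the trim would close that gap, e.g. `$name = preg_replace('/[\x00-\x1f]/', '', basename(stripslashes($filename)));` followed by `return trim($name, ". ");`. A name made only of dots and spaces now comes back as an empty string; the callers are outside this hunk, so it is worth confirming they reject an empty result instead of joining it onto the upload directory. `basename()` treats only `/` as a separator on non-Windows hosts, so a backslash that survives `stripslashes()` stays in the returned name, which the comment could state explicitly.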