issue #1073 prevents from making uploaded file executable

* for the name of the file in buffer directory, do not use the name given by the user, but the md5 of the name without extension * function add_uploaded_file deletes uploaded file if not expected
2025-04-28 04:09:56 +03:00 · 2019-09-20 16:26:21 +02:00 · 2019-09-20 16:26:21 +02:00 · fa8996e10f
commit fa8996e10f
parent 7e154ab093
2 changed files with 6 additions and 0 deletions
--- a/admin/include/functions_upload.inc.php
+++ b/admin/include/functions_upload.inc.php
@ -237,11 +237,13 @@ SELECT
      }
      else
      {
+        unlink($source_filepath);
        die('unexpected file type');
      }
    }
    else
    {
+      unlink($source_filepath);
      die('forbidden file type');
    }