mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-05-06 08:05:51 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

issue #1073 prevents from making uploaded file executable

Browse source 
* for the name of the file in buffer directory, do not use the name given by the user, but the md5 of the name without extension
* function add_uploaded_file deletes uploaded file if not expected
This commit is contained in:
plegall 2019-09-20 16:26:21 +02:00
parent 7e154ab093
commit fa8996e10f
2 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
include/ws_functions/pwg.images.php
View file

@ -1348,6 +1348,10 @@ function ws_images_upload($params, $service)
$fileName = uniqid("file_");
}
// change the name of the file in the buffer to avoid any unexpected
// extension. Function add_uploaded_file will eventually clean the mess.
$fileName = md5($fileName);
$filePath = $upload_dir.DIRECTORY_SEPARATOR.$fileName;
// Chunking might be enabled