]> gitweb.fluxo.info Git - lorea/elgg.git/commitdiff
projects / lorea / elgg.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ece60b3)
Avoiding XSS via filename.
authorSem <sembrestels@riseup.net>
Tue, 18 Sep 2012 18:35:43 +0000 (20:35 +0200)
committerSem <sembrestels@riseup.net>
Tue, 18 Sep 2012 18:35:43 +0000 (20:35 +0200)
actions/photos/image/upload.php patch | blob | history

diff --git a/actions/photos/image/upload.php b/actions/photos/image/upload.php
index 2dd0959bf51d7e76e3559703a516ea1208412271..26871266641cf97f3d990299b73995313531769d 100644 (file)
--- a/actions/photos/image/upload.php
+++ b/actions/photos/image/upload.php
@@ -49,11 +49,12 @@ foreach ($_FILES['images']['name'] as $index => $value) {
        if (empty($data['name'])) {
                continue;
        }
+       $name = htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8', false);
 
-       $mime = tp_upload_get_mimetype($data['name']);
+       $mime = tp_upload_get_mimetype($name);
 
        $image = new TidypicsImage();
-       $image->title = $data['name'];
+       $image->title = $name;
        $image->container_guid = $album->getGUID();
        $image->setMimeType($mime);
        $image->access_id = $album->access_id;
@@ -61,7 +62,7 @@ foreach ($_FILES['images']['name'] as $index => $value) {
        try {
                $result = $image->save($data);
        } catch (Exception $e) {
-               array_push($not_uploaded, $data['name']);
+               array_push($not_uploaded, $name);
                array_push($error_msgs, $e->getMessage());
        }
 
Social Networking Engine