From: Michael J Rubinsky <mrubinsk@horde.org>
Date: Thu, 3 Jan 2019 19:22:56 -0500
Subject: SECURITY: prevent directory traversal vulnerability.
Origin: https://github.com/horde/Form/commit/c916ba979ad1613d76a9407dd0b67968a9594c0e
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9858
Bug-Debian: https://bugs.debian.org/930321

---
 Horde_Form-2.0.18/lib/Horde/Form/Type.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Horde_Form-2.0.18/lib/Horde/Form/Type.php b/Horde_Form-2.0.18/lib/Horde/Form/Type.php
index e92c7903915b..f1e8157f0b68 100644
--- a/Horde_Form-2.0.18/lib/Horde/Form/Type.php
+++ b/Horde_Form-2.0.18/lib/Horde/Form/Type.php
@@ -1205,7 +1205,7 @@ class Horde_Form_Type_image extends Horde_Form_Type {
             /* Get the temp file if already one uploaded, otherwise create a
              * new temporary file. */
             if (!empty($upload['img']['file'])) {
-                $tmp_file = Horde::getTempDir() . '/' . $upload['img']['file'];
+                $tmp_file = Horde::getTempDir() . '/' . basename($upload['img']['file']);
             } else {
                 $tmp_file = Horde::getTempFile('Horde', false);
             }
-- 
2.20.1