File: 0002-SECURITY-Prevent-ability-to-specify-temporary-filename.patch

php-horde-form 2.0.15-1%2Bdeb9u2
  • area: main
  • in suites: stretch
  • size: 1,608 kB
  • sloc: php: 3,856; xml: 854; makefile: 2
From 35d382cc3a0482c07d0c2272cac89a340922e0a6 Mon Sep 17 00:00:00 2001
From: Michael J Rubinsky <mrubinsk@horde.org>
Date: Sun, 1 Mar 2020 14:46:49 -0500
Subject: [PATCH] SECURITY: Prevent ability to specify temporary filename.

Origin: https://github.com/horde/Form/commit/35d382cc3a0482c07d0c2272cac89a340922e0a6
---
 lib/Horde/Form/Type.php | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/Horde_Form-2.0.15/lib/Horde/Form/Type.php b/Horde_Form-2.0.15/lib/Horde/Form/Type.php
index f1e8157..e302d8d 100644
--- a/Horde_Form-2.0.15/lib/Horde/Form/Type.php
+++ b/Horde_Form-2.0.15/lib/Horde/Form/Type.php
@@ -1200,12 +1200,11 @@ class Horde_Form_Type_image extends Horde_Form_Type {
             if (!empty($upload['hash'])) {
                 $upload['img'] = $session->get('horde', 'form/' . $upload['hash']);
                 $session->remove('horde', 'form/' . $upload['hash']);
-            }
-
-            /* Get the temp file if already one uploaded, otherwise create a
-             * new temporary file. */
-            if (!empty($upload['img']['file'])) {
-                $tmp_file = Horde::getTempDir() . '/' . basename($upload['img']['file']);
+                if (!empty($upload['img']['file'])) {
+                    $tmp_file = Horde::getTempDir() . '/' . basename($upload['img']['file']);
+                } else {
+                    $tmp_file = Horde::getTempFile('Horde', false);
+                }
             } else {
                 $tmp_file = Horde::getTempFile('Horde', false);
             }
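Review bot: In the outer `else` branch (no `hash` supplied) `$upload['img']` is left exactly as it arrived, so any code after this hunk that reads `$upload['img']` could still see caller-supplied values even though `$tmp_file` no longer depends on them. The rest of the method lies outside the hunk, so this needs confirming there. If no legitimate caller passes `img` without a `hash`, adding `unset($upload['img']);` just above `if (!empty($upload['hash']))` would make the session the only source of that array. Separately, `$upload['hash']` is concatenated into the session key `'form/' . $upload['hash']` with no format check, so validating it against the shape of the hashes this form generates before calling `$session->get()` and `$session->remove()` would limit which session entries a request can read and delete.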
-- 
2.20.1