File: 0001-SECURITY-prevent-directory-traversal-vulnerability.patch

php-horde-form 2.0.18-3.1%2Bdeb10u1
From: Michael J Rubinsky <mrubinsk@horde.org>
Date: Thu, 3 Jan 2019 19:22:56 -0500
Subject: SECURITY: prevent directory traversal vulnerability.
Origin: https://github.com/horde/Form/commit/c916ba979ad1613d76a9407dd0b67968a9594c0e
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9858
Bug-Debian: https://bugs.debian.org/930321

---
 Horde_Form-2.0.18/lib/Horde/Form/Type.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Horde_Form-2.0.18/lib/Horde/Form/Type.php b/Horde_Form-2.0.18/lib/Horde/Form/Type.php
index e92c7903915b..f1e8157f0b68 100644
--- a/Horde_Form-2.0.18/lib/Horde/Form/Type.php
+++ b/Horde_Form-2.0.18/lib/Horde/Form/Type.php
@@ -1205,7 +1205,7 @@ class Horde_Form_Type_image extends Horde_Form_Type {
             /* Get the temp file if already one uploaded, otherwise create a
              * new temporary file. */
             if (!empty($upload['img']['file'])) {
-                $tmp_file = Horde::getTempDir() . '/' . $upload['img']['file'];
+                $tmp_file = Horde::getTempDir() . '/' . basename($upload['img']['file']);
             } else {
                 $tmp_file = Horde::getTempFile('Horde', false);
             }
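Review bot: `basename()` on the new `$tmp_file` line strips directory components, but it still returns `..`, `.` or an empty string for inputs such as `..` or `/`, so the path can resolve to the temp directory itself or its parent instead of a file inside it. The name also stays caller-chosen: if `$upload['img']['file']` is request-influenced (the hunk does not show where `$upload` is filled), it can name any other file in the shared temp directory. I would put the result in a variable and take the `getTempFile()` branch unless it is a plain file name, e.g. `$name = basename($upload['img']['file']);` followed by `if ($name !== '' && $name !== '.' && $name !== '..') {`. Keeping the generated temp name in server-side session state and comparing against it would be stricter still. The enclosing method starts and ends outside this hunk, so the later uses of `$tmp_file` are not visible here.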
-- 
2.20.1