From fe9e2f36323c20beafb801d07516c892fa73398c Mon Sep 17 00:00:00 2001
From: Lionel Laffineur
Date: Wed, 18 Oct 2023 21:07:02 +0200
Subject: [PATCH] Improve uploaded file security by adding .htfile prefix to filename

---
 plugins/file-upload.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/file-upload.php b/plugins/file-upload.php
index ef216f35..4b0c7108 100644
--- a/plugins/file-upload.php
+++ b/plugins/file-upload.php
@@ -40,7 +40,7 @@ class AdminerFileUpload {
 mkdir(__DIR__ . '/' . $this->uploadPath . '/' . $table);
 }
 // generate filename
- $filename = realpath(tempnam(__DIR__ . '/' . $this->uploadPath . '/' . $table, ''));
+ $filename = realpath(tempnam(__DIR__ . '/' . $this->uploadPath . '/' . $table, '.htfile'));
 // prevent the final to be anywhere else then under the upload directory
 if (strpos($filename, realpath(__DIR__ . '/' . $this->uploadPath)) !== 0) {