Improve uploaded file security by adding .htfile prefix to filename
This commit is contained in:
parent
1cc06d6a10
commit
fe9e2f3632
|
@ -40,7 +40,7 @@ class AdminerFileUpload {
|
||||||
mkdir(__DIR__ . '/' . $this->uploadPath . '/' . $table);
|
mkdir(__DIR__ . '/' . $this->uploadPath . '/' . $table);
|
||||||
}
|
}
|
||||||
// generate filename
|
// generate filename
|
||||||
$filename = realpath(tempnam(__DIR__ . '/' . $this->uploadPath . '/' . $table, ''));
|
$filename = realpath(tempnam(__DIR__ . '/' . $this->uploadPath . '/' . $table, '.htfile'));
|
||||||
|
|
||||||
// prevent the final to be anywhere else then under the upload directory
|
// prevent the final to be anywhere else then under the upload directory
|
||||||
if (strpos($filename, realpath(__DIR__ . '/' . $this->uploadPath)) !== 0) {
|
if (strpos($filename, realpath(__DIR__ . '/' . $this->uploadPath)) !== 0) {
|
||||||
|
|
Loading…
Reference in a new issue