From f8acdae2378a2f1ff382cc2934edf59014699e4c Mon Sep 17 00:00:00 2001
From: James Collins
Date: Thu, 15 Jan 2026 07:56:32 +1000
Subject: [PATCH] fix path traversal risk
---
 app/Http/Controllers/MediaController.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/MediaController.php b/app/Http/Controllers/MediaController.php
index 98ddc77..699288d 100644
--- a/app/Http/Controllers/MediaController.php
+++ b/app/Http/Controllers/MediaController.php
@@ -386,6 +386,10 @@ class MediaController extends Controller
 $fileName = $request->input('filename', $file->getClientOriginalName());
 $fileName = Helpers::cleanFileName($fileName);
+ if ($fileName === '') {
+ $extension = strtolower($file->getClientOriginalExtension());
+ $fileName = 'upload' . ($extension !== '' ? '.' . $extension : '');
+ }
 if(($request->has('filestart') || $request->has('fileappend')) && $request->has('filesize')) {
 $fileSize = $request->get('filesize');
@@ -394,7 +398,8 @@ class MediaController extends Controller
 throw new FileTooLargeException('The file is larger than the maximum size allowed of ' . Helpers::bytesToString($max_size));
 }
- $tempFilePath = sys_get_temp_dir() . '/chunk-' . Auth::id() . '-' . $fileName;
+ $chunkKey = hash('sha256', $fileName);
+ $tempFilePath = sys_get_temp_dir() . '/chunk-' . Auth::id() . '-' . $chunkKey;
 $filemode = 'a';
 if($request->has('filestart')) {
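Review bot: The fallback name built on the third added line of the first hunk takes its extension straight from the client-supplied name via getClientOriginalExtension() and never passes it through Helpers::cleanFileName, so a name the cleaner rejected outright can still contribute its raw extension to $fileName. Running the constructed fallback through the same cleaner keeps a single sanitization path: `$fileName = Helpers::cleanFileName('upload' . ($extension !== '' ? '.' . $extension : ''));`. What cleanFileName actually strips is not visible in this hunk, so whether the extension is among the parts it rejects can only be confirmed against Helpers. The enclosing method starts and ends outside the hunk.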
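Review bot: Nothing in the second hunk records why the chunk file is now keyed by a digest instead of $fileName, and the next reader may well put the readable name back; a one-line comment above the hash call such as `// Key the chunk file by a digest so the client-supplied name never becomes part of a filesystem path` would preserve the intent of this commit in the code. Because the key is only the user id plus a hash of the cleaned name, two in-flight chunked uploads by the same user with the same name (or both hitting the new 'upload' fallback) would still append to one temp file; that was already the case before this change, but it is worth stating next to the comment. The temp path also remains predictable inside the shared sys_get_temp_dir(), which this commit does not set out to address. The enclosing method continues outside the hunk.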