STEMMechanics/Website
1
0
Fork 0
Code Issues 4 Pull Requests 1 Actions Packages Projects Releases 3 Wiki Activity

fix path traversal risk

Browse Source
This commit is contained in:
James Collins
2026-01-15 07:56:32 +10:00
parent 63582dc306
commit f8acdae237
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/Http/Controllers/MediaController.php
View File

@@ -386,6 +386,10 @@ class MediaController extends Controller
$fileName = $request->input('filename', $file->getClientOriginalName()); $fileName = $request->input('filename', $file->getClientOriginalName());
$fileName = Helpers::cleanFileName($fileName); $fileName = Helpers::cleanFileName($fileName);
if ($fileName === '') {
$extension = strtolower($file->getClientOriginalExtension());
$fileName = 'upload' . ($extension !== '' ? '.' . $extension : '');
}
if(($request->has('filestart') || $request->has('fileappend')) && $request->has('filesize')) { if(($request->has('filestart') || $request->has('fileappend')) && $request->has('filesize')) {
$fileSize = $request->get('filesize'); $fileSize = $request->get('filesize');
@@ -394,7 +398,8 @@ class MediaController extends Controller
throw new FileTooLargeException('The file is larger than the maximum size allowed of ' . Helpers::bytesToString($max_size)); throw new FileTooLargeException('The file is larger than the maximum size allowed of ' . Helpers::bytesToString($max_size));
} }
$tempFilePath = sys_get_temp_dir() . '/chunk-' . Auth::id() . '-' . $fileName; $chunkKey = hash('sha256', $fileName);
$tempFilePath = sys_get_temp_dir() . '/chunk-' . Auth::id() . '-' . $chunkKey;
$filemode = 'a'; $filemode = 'a';
if($request->has('filestart')) { if($request->has('filestart')) {