Merge pull request from GHSA-x8wj-6m73-gfqp

Controller/DropzoneController.php

@@ -41,7 +41,7 @@ public function upload()
     protected function parseChunkedRequest(Request $request)
     {
         $totalChunkCount = $request->get('dztotalchunkcount');
-        $index = $request->get('dzchunkindex');
+        $index = (int) $request->get('dzchunkindex');
         $last = ($index + 1) === (int) $totalChunkCount;
         $uuid = $request->get('dzuuid');
 

Controller/FineUploaderController.php

@@ -41,11 +41,11 @@ public function upload()
 
     protected function parseChunkedRequest(Request $request)
     {
-        $index = $request->get('qqpartindex');
-        $total = $request->get('qqtotalparts');
+        $index = (int) $request->get('qqpartindex');
+        $total = (int) $request->get('qqtotalparts');
         $uuid  = $request->get('qquuid');
         $orig  = $request->get('qqfilename');
-        $last  = ($total - 1) == $index;
+        $last  = ($total - 1) === $index;
 
         return array($last, $uuid, $index, $orig);
     }

Controller/PluploadController.php

@@ -36,8 +36,8 @@ protected function parseChunkedRequest(Request $request)
         $session = $this->container->get('session');
 
         $orig  = $request->get('name');
-        $index = $request->get('chunk');
-        $last  = $request->get('chunks') - 1 == $request->get('chunk');
+        $index = (int) $request->get('chunk');
+        $last  = (int) $request->get('chunks') - 1 === (int) $request->get('chunk');
 
         // it is possible, that two clients send a file with the
         // exact same filename, therefore we have to add the session

Uploader/Chunk/Storage/FilesystemStorage.php

@@ -39,6 +39,9 @@ public function clear($maxAge)
 
     public function addChunk($uuid, $index, UploadedFile $chunk, $original)
     {
+        // Prevent path traversal attacks
+        $uuid = basename($uuid);
+
         $filesystem = new Filesystem();
         $path = sprintf('%s/%s', $this->directory, $uuid);
         $name = sprintf('%s_%s', $index, $original);
@@ -107,6 +110,9 @@ public function cleanup($path)
 
     public function getChunks($uuid)
     {
+        // Prevent path traversal attacks
+        $uuid = basename($uuid);
+
         $finder = new Finder();
         $finder
             ->in(sprintf('%s/%s', $this->directory, $uuid))->files()->sort(function(\SplFileInfo $a, \SplFileInfo $b) {

Uploader/Chunk/Storage/FlysystemStorage.php

@@ -66,6 +66,9 @@ public function clear($maxAge, $prefix = null)
 
     public function addChunk($uuid, $index, UploadedFile $chunk, $original)
     {
+        // Prevent path traversal attacks
+        $uuid = basename($uuid);
+
         $this->unhandledChunk = array(
             'uuid' => $uuid,
             'index' => $index,
@@ -137,6 +140,9 @@ public function cleanup($path)
 
     public function getChunks($uuid)
     {
+        // Prevent path traversal attacks
+        $uuid = basename($uuid);
+
         return $this->filesystem->listFiles($this->prefix.'/'.$uuid);
     }
 

Uploader/Chunk/Storage/GaufretteStorage.php

@@ -98,6 +98,9 @@ public function clear($maxAge, $prefix = null)
      */
     public function addChunk($uuid, $index, UploadedFile $chunk, $original)
     {
+        // Prevent path traversal attacks
+        $uuid = basename($uuid);
+
         $this->unhandledChunk = array(
             'uuid' => $uuid,
             'index' => $index,
@@ -170,6 +173,9 @@ public function cleanup($path)
 
     public function getChunks($uuid)
     {
+        // Prevent path traversal attacks
+        $uuid = basename($uuid);
+
         $results = $this->filesystem->listKeys($this->prefix.'/'.$uuid);
 
         /* exclude files without an index, so if there is a completed file which