fixes #179, preventing path traversal

flatpressblog · Dec 25, 2022 · 5d5c7f6 · 5d5c7f6
1 parent 3cc223d
commit 5d5c7f6
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/fp-plugins/mediamanager/panels/panel.mediamanager.file.php b/fp-plugins/mediamanager/panels/panel.mediamanager.file.php
@@ -77,6 +77,8 @@ function doItemActions($folder, $mmbaseurl) {
  /* delete file */
  if (isset($_GET ['deletefile'])) {
  list ($type, $name) = explode("-", $_GET ['deletefile'], 2);
+ // prevent path traversal: remove ".." and "/" resp. "\"
+ $name = preg_replace('(\.\.|\/|\\\\)', '', $name);
  switch ($type) {
  case 'attachs':
  $type = ABS_PATH . ATTACHS_DIR;