diff --git a/core/model/modx/processors/browser/file/create.class.php b/core/model/modx/processors/browser/file/create.class.php index 9226928ac08..e285db26f04 100644 --- a/core/model/modx/processors/browser/file/create.class.php +++ b/core/model/modx/processors/browser/file/create.class.php @@ -33,7 +33,7 @@ public function process() { $directory = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($directory))),'/'); $name = $this->getProperty('name'); - $name = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($name))),'/'); + $name = ltrim(strip_tags(htmlspecialchars($name)),'/'); $loaded = $this->getSource(); if (!($this->source instanceof modMediaSource)) { diff --git a/core/model/modx/processors/browser/file/remove.class.php b/core/model/modx/processors/browser/file/remove.class.php index dd1de35b676..7d8ed3f20f7 100644 --- a/core/model/modx/processors/browser/file/remove.class.php +++ b/core/model/modx/processors/browser/file/remove.class.php @@ -33,7 +33,13 @@ public function process() { if (empty($file)) { return $this->modx->error->failure($this->modx->lexicon('file_err_ns')); } - $file = preg_replace('/[\.]{2,}/', '', $file); + $pathinfo = pathinfo($file); + if ($pathinfo['dirname'].DIRECTORY_SEPARATOR.$pathinfo['basename'] != $file) { + $this->modx->log (modX::LOG_LEVEL_ERROR, 'Could not prepare the filepath ' . $file . '. Please set a valid UTF8 capable locale in the MODX system setting "locale".'); + } + $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars($pathinfo['dirname'])); + $name = htmlspecialchars($pathinfo['basename']); + $path = $directory.DIRECTORY_SEPARATOR.$name; $loaded = $this->getSource(); if (!($this->source instanceof modMediaSource)) { @@ -42,7 +48,7 @@ public function process() { if (!$this->source->checkPolicy('remove')) { return $this->failure($this->modx->lexicon('permission_denied')); } - $success = $this->source->removeObject($file); + $success = $this->source->removeObject($path); if (empty($success)) { $errors = $this->source->getErrors(); diff --git a/core/model/modx/processors/browser/file/rename.class.php b/core/model/modx/processors/browser/file/rename.class.php index 98e7ce5f68f..58909690b9a 100644 --- a/core/model/modx/processors/browser/file/rename.class.php +++ b/core/model/modx/processors/browser/file/rename.class.php @@ -40,10 +40,23 @@ public function process() { } $oldFile = $this->getProperty('path'); - $oldFile = preg_replace('/[\.]{2,}/', '', htmlspecialchars($oldFile)); - $name = $this->getProperty('name'); - $name = preg_replace('/[\.]{2,}/', '', htmlspecialchars($name)); - $success = $this->source->renameObject($oldFile, $name); + $pathinfo = pathinfo($oldFile); + if ($pathinfo['dirname'].DIRECTORY_SEPARATOR.$pathinfo['basename'] != $oldFile) { + $this->modx->log (modX::LOG_LEVEL_ERROR, 'Could not prepare the filepath ' . $oldFile . '. Please set a valid UTF8 capable locale in the MODX system setting "locale".'); + } + $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars($pathinfo['dirname'])); + $name = htmlspecialchars($pathinfo['basename']); + $oldFile = $directory.DIRECTORY_SEPARATOR.$name; + + $newFile = $this->getProperty('name'); + $pathinfo = pathinfo($newFile); + if ($pathinfo['basename'] != $newFile) { + $this->modx->log (modX::LOG_LEVEL_ERROR, 'Could not prepare the filepath ' . $newFile . '. Please set a valid UTF8 capable locale in the MODX system setting "locale".'); + } + $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars($pathinfo['dirname'])); + $name = htmlspecialchars($pathinfo['basename']); + $newFile = $directory.DIRECTORY_SEPARATOR.$name; + $success = $this->source->renameObject($oldFile, $newFile); if (empty($success)) { $msg = '';