Avoiding XSS via filename.

author: Sem <sembrestels@riseup.net> 2012-09-18 20:35:43 +0200
committer: Sem <sembrestels@riseup.net> 2012-09-18 20:35:43 +0200
commit: 2568ba3296d99c328df0c2b25df1e16c6a3b143f (patch)
tree: 5da91b67f0c6c6bd3858ed7768ecade6eb7ac456 /actions/photos/image
parent: ece60b30a4f2fca5708df3fc9e8a9384ab717819 (diff)
download: elgg-2568ba3296d99c328df0c2b25df1e16c6a3b143f.tar.gz
elgg-2568ba3296d99c328df0c2b25df1e16c6a3b143f.tar.bz2
1 files changed, 4 insertions, 3 deletions
diff --git a/actions/photos/image/upload.php b/actions/photos/image/upload.php
index 2dd0959bf..268712666 100644
--- a/actions/photos/image/upload.php
+++ b/actions/photos/image/upload.php
@@ -49,11 +49,12 @@ foreach ($_FILES['images']['name'] as $index => $value) {
 	if (empty($data['name'])) {
 		continue;
 	}
+	$name = htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8', false);
 
-	$mime = tp_upload_get_mimetype($data['name']);
+	$mime = tp_upload_get_mimetype($name);
 
 	$image = new TidypicsImage();
-	$image->title = $data['name'];
+	$image->title = $name;
 	$image->container_guid = $album->getGUID();
 	$image->setMimeType($mime);
 	$image->access_id = $album->access_id;
@@ -61,7 +62,7 @@ foreach ($_FILES['images']['name'] as $index => $value) {
 	try {
 		$result = $image->save($data);
 	} catch (Exception $e) {
-		array_push($not_uploaded, $data['name']);
+		array_push($not_uploaded, $name);
 		array_push($error_msgs, $e->getMessage());
 	}
author	Sem <sembrestels@riseup.net>	2012-09-18 20:35:43 +0200
committer	Sem <sembrestels@riseup.net>	2012-09-18 20:35:43 +0200
commit	2568ba3296d99c328df0c2b25df1e16c6a3b143f (patch)
tree	5da91b67f0c6c6bd3858ed7768ecade6eb7ac456 /actions/photos/image
parent	ece60b30a4f2fca5708df3fc9e8a9384ab717819 (diff)
download	elgg-2568ba3296d99c328df0c2b25df1e16c6a3b143f.tar.gz elgg-2568ba3296d99c328df0c2b25df1e16c6a3b143f.tar.bz2