fwrite($fp, $index_file);
fclose($fp);
}
- if ($Mode == 'UPDATE_ITEM' && file_exists($dir."/".$_POST['unique_name']))
- unlink($dir."/".$_POST['unique_name']);
+ // file name compatible with POSIX
+ // protect against directory traversal
+ $unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']);
+ if ($Mode == 'UPDATE_ITEM' && file_exists($dir."/".$unique_name))
+ unlink($dir."/".$unique_name);
$unique_name = uniqid('');
move_uploaded_file($tmpname, $dir."/".$unique_name);
else
$filename = $conn['dbname'] . "_" . date("Ymd_Hi") . ".sql";
- return db_export($conn, $filename, $ext, $comm, $tbpref);
+ return db_export($conn, clean_file_name($filename), $ext, $comm, $tbpref);
}
// generates a dump of $db database
return null;
}
+/*
+
+ Protect against directory traversal.
+ Changes all not POSIX compatible chars to underscore.
+*/
+function clean_file_name($filename) {
+ return preg_replace('/[^a-zA-Z0-9.\-_]/', '_', $filename);
+}
?>
\ No newline at end of file
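Review bot: The guard added at `$unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']);` re-implements the filter that `clean_file_name()` introduces lower in this diff, and the two disagree: the inline copy deletes disallowed characters while the helper replaces them with `_`, so the same upload name can map to two different on-disk names depending on which path ran. Calling the helper there instead, `$unique_name = clean_file_name(isset($_POST['unique_name']) ? $_POST['unique_name'] : '');`, keeps a single definition of the allowed character set and also avoids the undefined-index notice when the field is missing from the request. Both filters still allow the result to be empty, `.` or `..` (dots are in the permitted class), in which case `$dir."/".$unique_name` refers to `$dir` itself or its parent; a check before `file_exists()`/`unlink()` such as `if ($unique_name === '' || $unique_name === '.' || $unique_name === '..') { $unique_name = '_'; }` closes that, even though `unlink()` on a directory would only fail with a warning. The function enclosing the first changed lines starts outside the hunk.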