add sanitize two dots in filepath for file uploading

tolanych · tolanych · commit 68a3c70741b5 · 2019-02-05T17:09:25.000+03:00
diff --git a/core/model/modx/sources/modfilemediasource.class.php b/core/model/modx/sources/modfilemediasource.class.php
@@ -873,7 +873,7 @@ public function uploadObjectsToContainer($container,array $objects = array()) {
             }
 
             $newPath = $this->fileHandler->sanitizePath($file['name']);
-            $newPath = $directory->getPath().$newPath;
+            $newPath = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($directory->getPath().$newPath))));
 
             if (!move_uploaded_file($file['tmp_name'],$newPath)) {
                 $this->addError('path',$this->xpdo->lexicon('file_err_upload'));

Original file line number	Diff line number	Diff line change
`@@ -873,7 +873,7 @@ public function uploadObjectsToContainer($container,array $objects = array()) {`
`873`	`873`	`}`
`874`	`874`
`875`	`875`	`$newPath = $this->fileHandler->sanitizePath($file['name']);`
`876`		`- $newPath = $directory->getPath().$newPath;`
	`876`	`+ $newPath = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($directory->getPath().$newPath))));`
`877`	`877`
`878`	`878`	`if (!move_uploaded_file($file['tmp_name'],$newPath)) {`
`879`	`879`	`$this->addError('path',$this->xpdo->lexicon('file_err_upload'));`