
Commit 0dac9e2

committed
fix(attach): no html in filenames
1 parent 6c9236d commit 0dac9e2


1 file changed

+10
-6
lines changed


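--- a/tools/attach/libs/attach.lib.php
+++ b/tools/attach/libs/attach.lib.php
@@ -405,9 +405,9 @@ public function searchFiles($filepattern, $start_dir)
 public function CheckParams()
 {
 // recuperation des parametres necessaire
-$this->file = $this->wiki->GetParameter('attachfile');
+$this->file = htmlspecialchars($this->wiki->GetParameter('attachfile'));
 if (empty($this->file)) {
-$this->file = $this->wiki->GetParameter('file');
+$this->file = htmlspecialchars($this->wiki->GetParameter('file'));
 }
 
 $this->desc = $this->wiki->GetParameter('attachdesc');
@@ -723,15 +723,19 @@ public function doUpload()
 */
 public function showUploadForm()
 {
-$this->file = $_GET['file'];
-echo '<h3>' . _t('ATTACH_UPLOAD_FORM_FOR_FILE') . ' ' . $this->file . "</h3>\n";
-echo '<form enctype="multipart/form-data" name="frmUpload" method="POST" action="' . $this->wiki->href('upload', $this->wiki->GetPageTag()) . "\">\n"
+$this->file = realpath(filter_input(INPUT_GET, 'file', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+if (!empty($this->file)) {
+echo '<h3>' . _t('ATTACH_UPLOAD_FORM_FOR_FILE') . ' ' . $this->file . "</h3>\n";
+echo '<form enctype="multipart/form-data" name="frmUpload" method="POST" action="' . $this->wiki->href('upload', $this->wiki->GetPageTag()) . "\">\n"
 . ' <input type="hidden" name="wiki" value="' . $this->wiki->GetPageTag() . "/upload\" />\n"
 . ' <input type="hidden" name="MAX_FILE_SIZE" value="' . $this->attachConfig['max_file_size'] . "\" />\n"
 . " <input type=\"hidden\" name=\"file\" value=\"$this->file\" />\n"
 . " <input type=\"file\" name=\"upFile\" size=\"50\" /><br />\n"
 . ' <input class="btn btn-primary" type="submit" value="' . _t('ATTACH_SAVE') . "\" />\n"
 . "</form>\n";
+} else {
+echo '<div class="alert alert-danger">No valid filename</div>';
+}
 }
 
 /**
@@ -741,7 +745,7 @@ public function performUpload()
 {
 $this->file = $_POST['file'];
 $pathinfo = pathinfo($this->file);
-$ext = strtolower($pathinfo['extension']);
+$ext = strtolower($pathinfo['extension'] ?? '');
 if ($this->wiki->config['authorized-extensions'] && !in_array($ext, array_keys($this->wiki->config['authorized-extensions']))) {
 $_FILES['upFile']['error'] = 5;
 }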
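Review bot: The `realpath()` wrapped around `filter_input()` in showUploadForm returns false for a path that does not exist yet and resolves relative to the process working directory, so the upload form for a file that has not been attached yet most likely always lands in the `No valid filename` branch, and when the path does resolve, an absolute server path is echoed into the `<h3>` and the hidden `file` input. The filter already neutralises HTML; the filesystem concern is better covered by keeping the value a bare file name, e.g. `$this->file = (string) filter_input(INPUT_GET, 'file', FILTER_SANITIZE_FULL_SPECIAL_CHARS);` followed by `if ($this->file !== '' && basename($this->file) === $this->file) {`. The encoded value is then posted back and read raw as `$_POST['file']` in performUpload, so a name containing `&` or quotes arrives HTML-encoded and its extension check and any later path use operate on the encoded form; performUpload continues past the hunk. The same applies to the `htmlspecialchars()` calls added in CheckParams: they stop markup in output but do not reject `..` or directory separators, so if `$this->file` feeds a filesystem path outside this hunk, a `basename()` or explicit separator check is still needed there.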
