Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

FIX vulenrability reported by wizlynx WLX-2020-012

Browse Source
This commit is contained in:
Laurent Destailleur
2020-06-17 14:45:15 +02:00
parent 23df5596e8
commit 6d6abd4320
4 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/core/actions_linkedfiles.inc.php
View File

@@ -209,8 +209,10 @@ elseif ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha'))
if (empty($reshook))
{
if (! file_exists($destpath))
{
if (preg_match('/^\./', $filenameto)) {
$langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
setEventMessages($langs->trans("ErrorFilenameCantStartWithDot", $filenameto), null, 'errors');
} elseif (! file_exists($destpath)) {
$result = dol_move($srcpath, $destpath);
if ($result)
{