Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

FIX vulenrability in uploading file found by 美创科技安全实验室

Browse Source
This commit is contained in:
Laurent Destailleur
2019-08-16 21:45:13 +02:00
parent d51a651ab4
commit 898996da4a
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/core/lib/functions.lib.php
View File

@@ -796,7 +796,8 @@ function dol_size($size, $type = '')
*/
function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1)
{
$filesystem_forbidden_chars = array('<','>','/','\\','?','*','|','"','°');
// List of special chars for filenames are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file
$filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°');
return dol_string_nospecial($unaccent?dol_string_unaccent($str):$str, $newstr, $filesystem_forbidden_chars);
}