Security: Avoid dangerous file name when uploading a file by extra field

AngelFQC · AngelFQC · commit 884d9b396b5d · 2024-04-11T15:53:08.000-05:00
diff --git a/main/inc/lib/extra_field_value.lib.php b/main/inc/lib/extra_field_value.lib.php
@@ -334,14 +334,13 @@ public function saveFieldValues(
                             break;
                     }
 
-                    $cleanedName = api_replace_dangerous_char($value['name']);
-                    $fileName = ExtraField::FIELD_TYPE_FILE."_{$params['item_id']}_$cleanedName";
                     if (!file_exists($fileDir)) {
                         mkdir($fileDir, $dirPermissions, true);
                     }
 
                     if (!empty($value['tmp_name']) && isset($value['error']) && $value['error'] == 0) {
                         $cleanedName = api_replace_dangerous_char($value['name']);
+                        $cleanedName = disable_dangerous_file($cleanedName);
                         $fileName = ExtraField::FIELD_TYPE_FILE."_{$params['item_id']}_$cleanedName";
                         moveUploadedFile($value, $fileDir.$fileName);
 

Original file line number	Diff line number	Diff line change
`@@ -334,14 +334,13 @@ public function saveFieldValues(`
`334`	`334`	`break;`
`335`	`335`	`}`
`336`	`336`
`337`		`- $cleanedName = api_replace_dangerous_char($value['name']);`
`338`		`- $fileName = ExtraField::FIELD_TYPE_FILE."_{$params['item_id']}_$cleanedName";`
`339`	`337`	`if (!file_exists($fileDir)) {`
`340`	`338`	`mkdir($fileDir, $dirPermissions, true);`
`341`	`339`	`}`
`342`	`340`
`343`	`341`	`if (!empty($value['tmp_name']) && isset($value['error']) && $value['error'] == 0) {`
`344`	`342`	`$cleanedName = api_replace_dangerous_char($value['name']);`
	`343`	`+ $cleanedName = disable_dangerous_file($cleanedName);`
`345`	`344`	`$fileName = ExtraField::FIELD_TYPE_FILE."_{$params['item_id']}_$cleanedName";`
`346`	`345`	`moveUploadedFile($value, $fileDir.$fileName);`
`347`	`346`