fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 01:01:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

Apply FilenameFilter::clean() to all uploaded files, even if not passed to procFileUpload() #2556

Browse source
This commit is contained in:
Kijin Sung 2025-05-22 22:22:08 +09:00
parent 8e85abf97e
commit 3c0048d4ba
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
classes/context/Context.class.php
View file

@ -1339,7 +1339,7 @@ class Context
unset($_FILES[$key]); unset($_FILES[$key]);
continue; continue;
} }
$val['name'] = str_replace('&', '&', escape($val['name'], false)); $val['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($val['name']);
self::set($key, $val, true); self::set($key, $val, true);
self::set('is_uploaded', true); self::set('is_uploaded', true);
self::$_instance->is_uploaded = true; self::$_instance->is_uploaded = true;
@ -1365,7 +1365,7 @@ class Context
break; break;
} }
$file = array(); $file = array();
$file['name'] = str_replace('&', '&', escape($val['name'][$i], false)); $file['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($val['name'][$i]);
$file['type'] = $val['type'][$i]; $file['type'] = $val['type'][$i];
$file['tmp_name'] = $val['tmp_name'][$i]; $file['tmp_name'] = $val['tmp_name'][$i];
$file['error'] = $val['error'][$i]; $file['error'] = $val['error'][$i];