fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 01:01:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

Apply FilenameFilter::clean() to all uploaded files, even if not passed to procFileUpload() #2556

Browse source
This commit is contained in:
Kijin Sung 2025-05-22 22:22:08 +09:00
parent 8e85abf97e
commit 3c0048d4ba
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
classes/context/Context.class.php
View file

@ -1339,7 +1339,7 @@ class Context
unset($_FILES[$key]);
continue;
}
$val['name'] = str_replace('&', '&', escape($val['name'], false));
$val['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($val['name']);
self::set($key, $val, true);
self::set('is_uploaded', true);
self::$_instance->is_uploaded = true;
@ -1365,7 +1365,7 @@ class Context
break;
}
$file = array();
$file['name'] = str_replace('&', '&', escape($val['name'][$i], false));
$file['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($val['name'][$i]);
$file['type'] = $val['type'][$i];
$file['tmp_name'] = $val['tmp_name'][$i];
$file['error'] = $val['error'][$i];