From 6d13142f30bfd4b5ca764f39f2333c93cd1e7a11 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 12 Mar 2016 17:44:50 +0900 Subject: [PATCH] Use FilenameFilter in file module --- modules/file/file.controller.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php index 11b876063..78658ba80 100644 --- a/modules/file/file.controller.php +++ b/modules/file/file.controller.php @@ -732,10 +732,8 @@ class fileController extends file } } - // https://github.com/xpressengine/xe-core/issues/1713 - $file_info['name'] = preg_replace('/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x',$file_info['name']); - $file_info['name'] = removeHackTag($file_info['name']); - $file_info['name'] = str_replace(array('<','>'),array('%3C','%3E'),$file_info['name']); + // Sanitize filename + $file_info['name'] = Rhymix\Framework\Security\FilenameFilter::clean($file_info['name']); // Get random number generator $random = new Password();