CVE-2016-15017: [SECURITY] Prevent directory traversal · fabarea/media_upload@b25d42a
A vulnerability has been found in fabarea media_upload and classified as critical. It affects the function getUploadedFileList in the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 addresses this issue. The name of the patch is b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability.
@@ -34,33 +34,35 @@ public function getUploadedFileList($property = ‘’)
* Return an array of uploaded files, done in a previous step.
*
* @param string $property
* @throws \Exception
* @return UploadedFile[]
* @throws \InvalidArgumentException
* @throws \RuntimeException
*/
public function getUploadedFiles($property = ‘’)
{
$files = array();
$uploadedFiles = GeneralUtility::trimExplode(',’, $this->getUploadedFileList($property), TRUE);
// Convert uploaded files into array
foreach ($uploadedFiles as $uploadedFileName) {
$temporaryFileNameAndPath = UploadManager::UPLOAD_FOLDER . ‘/’ . $uploadedFileName;
// Protection against directory traversal
$uploadedFileName = str_replace(‘…’ . DIRECTORY_SEPARATOR, '’, $uploadedFileName);
$temporaryFileNameAndPath = UploadManager::UPLOAD_FOLDER . DIRECTORY_SEPARATOR . $uploadedFileName;
if (!file_exists($temporaryFileNameAndPath)) {
$message = sprintf(
'I could not find file "%s". Something went wrong during the upload? Or is it some cache effect?’,
$temporaryFileNameAndPath
);
throw new \Exception($message, 1389550006);
throw new \RuntimeException($message, 1389550006);
}
$fileSize = round(filesize($temporaryFileNameAndPath) / 1000);
/** @var UploadedFile $uploadedFile */
$uploadedFile = GeneralUtility::makeInstance(UploadedFile::class);
$uploadedFile->setTemporaryFileNameAndPath($temporaryFileNameAndPath)
->setFileName($uploadedFileName)
->setFileName(basename($uploadedFileName))
->setSize($fileSize);
$files[] = $uploadedFile;