Commit f193aea0 authored by Frank Bergmann's avatar Frank Bergmann

- added checks to detect malicious upload filenames

parent 50eb0dc8
...@@ -24,6 +24,7 @@ set context_bar [im_context_bar [list "/intranet/cusomers/" "<#_ Clients#>"] "<# ...@@ -24,6 +24,7 @@ set context_bar [im_context_bar [list "/intranet/cusomers/" "<#_ Clients#>"] "<#
# number_of_bytes is the upper-limit # number_of_bytes is the upper-limit
set max_n_bytes [ad_parameter -package_id [im_package_filestorage_id] MaxNumberOfBytes "" 0] set max_n_bytes [ad_parameter -package_id [im_package_filestorage_id] MaxNumberOfBytes "" 0]
set tmp_filename [ns_queryget upload_file.tmpfile] set tmp_filename [ns_queryget upload_file.tmpfile]
im_security_alert_check_tmpnam -location "upload-prices-2.tcl" -value $tmp_filename
if { $max_n_bytes && ([file size $tmp_filename] > $max_n_bytes) } { if { $max_n_bytes && ([file size $tmp_filename] > $max_n_bytes) } {
ad_return_complaint 1 "<#_ Your file is larger than the maximum permissible upload size#>: [util_commify_number $max_n_bytes] bytes" ad_return_complaint 1 "<#_ Your file is larger than the maximum permissible upload size#>: [util_commify_number $max_n_bytes] bytes"
return return
......
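Review bot: The added call to `im_security_alert_check_tmpnam` is used as a bare statement, so the `[file size $tmp_filename]` test on the next line, and whatever later reads the file, are only protected if the helper itself aborts the request on a bad value. Its definition is not visible here, so that needs confirming. `upload_file.tmpfile` is fetched with `ns_queryget`, i.e. from request data, so the path should be treated as client-influenced until the check has passed. If the helper only records an alert, the page should stop explicitly after it (an `ad_return_complaint` followed by `return`, as the size check below does). Either way a comment above the call would pin the contract, for example `# aborts the request unless tmp_filename is a server-generated temp path; code below trusts it`. The script continues beyond this hunk, so the later uses of `$tmp_filename` could not be reviewed.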