Diffstat (limited to 'phpBB/includes/functions_upload.php')
-rw-r--r--phpBB/includes/functions_upload.php8
1 files changed, 7 insertions, 1 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index a3109c0ef4..f24edb1dea 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -91,6 +91,12 @@ class filespec
switch ($mode)
{
case 'real':
+ // Remove every extension from filename (to not let the mime bug being exposed)
+ if (strpos($this->realname, '.') !== false)
+ {
+ $this->realname = substr($this->realname, 0, strpos($this->realname, '.'));
+ }
+
// Replace any chars which may cause us problems with _
$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
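Review bot: Cutting `$this->realname` at the first dot in the `case 'real'` branch leaves it empty for any name that begins with a dot (a name such as `.htaccess`), and nothing visible in the hunk guards against an empty base name. Whether later code copes with an empty name cannot be seen from here, because the `switch` continues outside the hunk. I would look the position up once and fall back when nothing is left: `$dot = strpos($this->realname, '.');` then `if ($dot !== false) { $this->realname = substr($this->realname, 0, $dot); }`, followed by a check that replaces an empty result with a generated name. The comment would also be clearer if it named the problem, for example `// Keep only the part before the first dot so that no inner extension survives in the stored name (servers may map multi-extension names to a MIME type or handler)`; the multi-extension reading is my inference and should be confirmed against the original bug report.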
@@ -575,7 +581,7 @@ class fileupload
unset($url_ary);
$tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache';
- $filename = tempnam($tmp_path, uniqid(rand()) . '-');
+ $filename = tempnam($tmp_path, unique_id() . '-');
if (!($fp = @fopen($filename, 'wb')))
{
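Review bot: The result of `tempnam()` on the changed line is still passed unchecked to the suppressed `@fopen()` that follows, so a `false` return is only caught indirectly and the reason is lost. An explicit guard such as `if ($filename === false || !($fp = @fopen($filename, 'wb')))` would make the failure path deliberate. Note also that `tempnam()` may fall back to the system temporary directory when `$tmp_path` is unusable, so under safe mode the file may not end up in `cache`. The uniqueness of the file comes from `tempnam()` itself rather than from the prefix, and some platforms use only the first few characters of the prefix, so the switch to `unique_id()` is mainly a tidy-up. The body of the `if` block lies outside the hunk, so whether the temporary file is removed on the error path cannot be confirmed here.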