@@ -716,31 +716,31 @@ private function validateFileId(array $fileId): void
716716 if (isset ($ fileId'tmp_name ' ])) {
717717 $ tmpNametrim ($ fileId'tmp_name ' ]);
718718
719- $ allowedFolders
720- sys_get_temp_dir (),
721- $ this directoryList ->getPath (DirectoryList::MEDIA ),
722- $ this directoryList ->getPath (DirectoryList::VAR_DIR ),
723- $ this directoryList ->getPath (DirectoryList::TMP ),
724- $ this directoryList ->getPath (DirectoryList::UPLOAD ),
725- ];
726-
727- $ disallowedFolders
728- $ this directoryList ->getPath (DirectoryList::LOG ),
729- ];
730-
731- foreach ($ allowedFoldersas $ allowedFolder
732- $ dir$ this filesystem ->getDirectoryReadByPath ($ allowedFolder
733- if ($ dirisExist ($ tmpName
734- $ isValidtrue ;
735- break ;
719+ if (preg_match ('/\.\.( \\\|\/)/ ' , $ tmpName1 ) {
720+ $ allowedFolders
721+ sys_get_temp_dir (),
722+ $ this directoryList ->getPath (DirectoryList::MEDIA ),
723+ $ this directoryList ->getPath (DirectoryList::VAR_DIR ),
724+ $ this directoryList ->getPath (DirectoryList::TMP ),
725+ $ this directoryList ->getPath (DirectoryList::UPLOAD ),
726+ ];
727+
728+ $ disallowedFolders
729+ $ this directoryList ->getPath (DirectoryList::LOG ),
730+ ];
731+
732+ foreach ($ allowedFoldersas $ allowedFolder
733+ if (stripos ($ tmpName$ allowedFolder0 ) {
734+ $ isValidtrue ;
735+ break ;
736+ }
736737 }
737- }
738738
739- foreach ($ disallowedFoldersas $ disallowedFolder
740- $ dir = $ this -> filesystem -> getDirectoryReadByPath ( $ disallowedFolder;
741- if ( $ dir -> isExist ( $ tmpName )) {
742- $ isValid = false ;
743- break ;
739+ foreach ($ disallowedFoldersas $ disallowedFolder
740+ if ( stripos ( $ tmpName , $ disallowedFolder === 0 ) {
741+ $ isValid = false ;
742+ break ;
743+ }
744744 }
745745 }
746746 }
0 commit comments