AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-04 04:44:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add index.php files to upload directories to prevent file traversal

Browse Source
This commit is contained in:
Marcus Hill
2022-01-07 18:35:23 +00:00
parent 2bfb50616c
commit c5e976d995
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
post.php
View File

@@ -1015,6 +1015,7 @@ if(isset($_POST['add_client'])){
if(!file_exists("uploads/clients/$session_company_id/$client_id")) {
mkdir("uploads/clients/$session_company_id/$client_id");
file_put_contents("uploads/clients/$session_company_id/$client_id/index.php", "");
}
//Add Location

4
setup.php
View File

@@ -482,9 +482,13 @@ if(isset($_POST['add_company_settings'])){
$config_aes_key = keygen();
mkdir_missing("uploads/clients/$company_id");
file_put_contents("uploads/clients/$company_id/index.php", "");
mkdir_missing("uploads/expenses/$company_id");
file_put_contents("uploads/expenses/$company_id/index.php", "");
mkdir_missing("uploads/settings/$company_id");
file_put_contents("uploads/settings/$company_id/index.php", "");
mkdir_missing("uploads/tmp/$company_id");
file_put_contents("uploads/tmp/$company_id/index.php", "");
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){