author | David Rothstein <drothstein@gmail.com> | 2012-12-19 14:00:43 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2012-12-19 14:00:43 -0500 |
commit | 93c070139811ef156a7ca2097a5d32bf0566febc (patch) | |
tree | 84cc1900fb3ee8500e1e04137689d09efb460988 /includes/file.inc | |
parent | 82a360da5ef8c5e376b007f5e8282cf0e65a80d5 (diff) | |
parent | b47f95d3013619e33cafdf8b769b2b6179a07956 (diff) | |
Merge branch '7.17-security' into 7.x
Diffstat (limited to 'includes/file.inc')
-rw-r--r-- | includes/file.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/includes/file.inc b/includes/file.inc
index 1e256c634..278be3ddc 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -1113,6 +1113,9 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) {
 // Allow potentially insecure uploads for very savvy users and admin
 if (!variable_get('allow_insecure_uploads', 0)) {
+ // Remove any null bytes. See http://php.net/manual/en/security.filesystem.nullbytes.php
+ $filename = str_replace(chr(0), '', $filename);
+
 $whitelist = array_unique(explode(' ', trim($extensions)));
 // Split the filename up by periods. The first part becomes the basename |
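Review bot: The null-byte strip sits inside the `if (!variable_get('allow_insecure_uploads', 0))` branch, so once an administrator enables that variable the embedded NUL survives and `$filename` leaves this function untouched; since a NUL is never a legitimate filename character, the strip belongs above the guard, e.g. move `$filename = str_replace(chr(0), '', $filename);` (with its comment) to just before the `// Allow potentially insecure uploads` line so that the flag relaxes only the extension munging. Note that stripping rather than rejecting turns a name such as `evil.php\0.txt` into `evil.php.txt`, which is then subject to the extension whitelist below — a comment saying so would make the intent explicit: `// Strip rather than reject: the resulting name still goes through the extension munging below.` The rest of file_munge_filename, including whatever is done with the pre-strip value earlier in the function, is outside this hunk, so I cannot confirm whether an unstripped copy is retained elsewhere.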