diff options
author | Kate Arzamastseva <pshns@ukr.net> | 2011-09-06 19:19:35 +0300 |
---|---|---|
committer | Kate Arzamastseva <pshns@ukr.net> | 2011-09-06 19:19:35 +0300 |
commit | 62231793d3f25f1cc59d328ee5d4e28c483f7962 (patch) | |
tree | 062f1ec373dc02669e707c85f91980bb24f4eda4 /inc/media.php | |
parent | 9ea9cc5260965262406f3eff600201f995049e1c (diff) | |
download | rpg-62231793d3f25f1cc59d328ee5d4e28c483f7962.tar.gz rpg-62231793d3f25f1cc59d328ee5d4e28c483f7962.tar.bz2 |
issue #59 security fix
Diffstat (limited to 'inc/media.php')
-rw-r--r-- | inc/media.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/media.php b/inc/media.php index 4db23ed8d..80d066c8d 100644 --- a/inc/media.php +++ b/inc/media.php @@ -247,7 +247,7 @@ function media_upload_xhr($ns,$auth){ fclose($input); if ($realSize != (int)$_SERVER["CONTENT_LENGTH"]) return false; if (!($tmp = io_mktmpdir())) return false; - $path = $tmp.'/'.$id; + $path = $tmp.'/'.md5($id); $target = fopen($path, "w"); fseek($temp, 0, SEEK_SET); stream_copy_to_stream($temp, $target); |