issue #59 security fix

author: Kate Arzamastseva <pshns@ukr.net> 2011-09-06 19:19:35 +0300
committer: Kate Arzamastseva <pshns@ukr.net> 2011-09-06 19:19:35 +0300
commit: 62231793d3f25f1cc59d328ee5d4e28c483f7962 (patch)
tree: 062f1ec373dc02669e707c85f91980bb24f4eda4 /inc
parent: 9ea9cc5260965262406f3eff600201f995049e1c (diff)
download: rpg-62231793d3f25f1cc59d328ee5d4e28c483f7962.tar.gz
rpg-62231793d3f25f1cc59d328ee5d4e28c483f7962.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/media.php b/inc/media.php
index 4db23ed8d..80d066c8d 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -247,7 +247,7 @@ function media_upload_xhr($ns,$auth){
     fclose($input);
     if ($realSize != (int)$_SERVER["CONTENT_LENGTH"]) return false;
     if (!($tmp = io_mktmpdir())) return false;
-    $path = $tmp.'/'.$id;
+    $path = $tmp.'/'.md5($id);
     $target = fopen($path, "w");
     fseek($temp, 0, SEEK_SET);
     stream_copy_to_stream($temp, $target);
author	Kate Arzamastseva <pshns@ukr.net>	2011-09-06 19:19:35 +0300
committer	Kate Arzamastseva <pshns@ukr.net>	2011-09-06 19:19:35 +0300
commit	62231793d3f25f1cc59d328ee5d4e28c483f7962 (patch)
tree	062f1ec373dc02669e707c85f91980bb24f4eda4 /inc
parent	9ea9cc5260965262406f3eff600201f995049e1c (diff)
download	rpg-62231793d3f25f1cc59d328ee5d4e28c483f7962.tar.gz rpg-62231793d3f25f1cc59d328ee5d4e28c483f7962.tar.bz2