From 62231793d3f25f1cc59d328ee5d4e28c483f7962 Mon Sep 17 00:00:00 2001
From: Kate Arzamastseva <pshns@ukr.net>
Date: Tue, 6 Sep 2011 19:19:35 +0300
Subject: issue #59 security fix

---
 inc/media.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/media.php b/inc/media.php
index 4db23ed8d..80d066c8d 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -247,7 +247,7 @@ function media_upload_xhr($ns,$auth){
     fclose($input);
     if ($realSize != (int)$_SERVER["CONTENT_LENGTH"]) return false;
     if (!($tmp = io_mktmpdir())) return false;
-    $path = $tmp.'/'.$id;
+    $path = $tmp.'/'.md5($id);
     $target = fopen($path, "w");
     fseek($temp, 0, SEEK_SET);
     stream_copy_to_stream($temp, $target);
-- 
cgit v1.2.3