redmine_plugins/redmine_dmsf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* fixed Issue 144: Path traversal access

Browse Source 
git-svn-id: http://redmine-dmsf.googlecode.com/svn/trunk/redmine_dmsf@234 5e329b0b-a2ee-ea63-e329-299493fc886d
This commit is contained in:
vit.jonas@gmail.com 2011-09-18 08:28:59 +00:00
parent bf38bdaa03
commit 2627b392e0
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/dmsf_upload_controller.rb
View File

@ -93,8 +93,8 @@ class DmsfUploadController < ApplicationController
new_revision.minor_version = last_revision.minor_version
new_revision.workflow = last_revision.workflow
end
commited_disk_filepath = "#{DmsfHelper.temp_dir}/#{commited_file["disk_filename"]}"
commited_disk_filepath = "#{DmsfHelper.temp_dir}/#{commited_file["disk_filename"].gsub(/[\/\\]/,'')}"
new_revision.folder = @folder
new_revision.file = file