diff options
| author | Michal Čihař <michal@cihar.com> | 2016-07-22 12:49:35 +0300 |
|---|---|---|
| committer | Michal Čihař <michal@cihar.com> | 2016-07-22 12:49:35 +0300 |
| commit | 378c3820bf1a3c184640cd8bbe95a3b1f30ff747 (patch) | |
| tree | a0d43dab0dc5838c9f2b2d60bcfcaba0cbe188cd /libraries/plugins | |
| parent | 6f8eb0993d1a37f14608b90e433791b723c51085 (diff) | |
Sanitize filename on SHP import
Signed-off-by: Michal Čihař <michal@cihar.com>
Diffstat (limited to 'libraries/plugins')
| -rw-r--r-- | libraries/plugins/import/ImportShp.class.php | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/libraries/plugins/import/ImportShp.class.php b/libraries/plugins/import/ImportShp.class.php index c5b3cc2124..70e4bdef04 100644 --- a/libraries/plugins/import/ImportShp.class.php +++ b/libraries/plugins/import/ImportShp.class.php @@ -119,19 +119,23 @@ class ImportShp extends ImportPlugin // Extract the .dbf file and point to it. $extracted = PMA_zipExtract( $import_file, - realpath($GLOBALS['cfg']['TempDir']), - array($dbf_file_name) + $dbf_file_name ); - if ($extracted) { + if ($extracted !== false) { $dbf_file_path = realpath($GLOBALS['cfg']['TempDir']) - . (PMA_IS_WINDOWS ? '\\' : '/') . $dbf_file_name; - $temp_dbf_file = true; - // Replace the .dbf with .*, as required - // by the bsShapeFiles library. - $file_name = substr( - $dbf_file_path, 0, strlen($dbf_file_path) - 4 - ) . '.*'; - $shp->FileName = $file_name; + . (PMA_IS_WINDOWS ? '\\' : '/') . PMA_sanitizeFilename($dbf_file_name, true); + $handle = fopen($dbf_file_path, 'wb'); + if ($handle !== false) { + fwrite($handle, $extracted); + fclose($handle); + $temp_dbf_file = true; + // Replace the .dbf with .*, as required + // by the bsShapeFiles library. + $file_name = substr( + $dbf_file_path, 0, strlen($dbf_file_path) - 4 + ) . '.*'; + $shp->FileName = $file_name; + } } } } elseif (! empty($local_import_file) |