[RCD] Not-so-unique filenames in $_FILES

Robin Elfrink robin at 15augustus.nl
Tue Oct 9 10:08:16 CEST 2012

On 10/09/2012 10:02 AM, A.L.E.C wrote:

>>             $tmp_path = tempnam($temp_dir, 'rcmAttmnt');
> I suppose changing this to
>   $tmp_path = tempnam($temp_dir, 'rcmAttmnt' . $RCMAIL->user->ID);
> should at least fix security part of this issue.

Yes, on RC's part. I was thinking about that.

But then still I get duplicates in $_FILES.


More information about the dev mailing list