Re: [RCD] Not-so-unique filenames in $_FILES

9 Oct 2012


      On 10/09/2012 09:51 AM, Robin Elfrink wrote:
...
        $tmp_path = tempnam($temp_dir, 'rcmAttmnt');

I suppose changing this to
$tmp_path = tempnam($temp_dir, 'rcmAttmnt' . $RCMAIL->user->ID);
should at least fix security part of this issue.
-- 
Aleksander 'A.L.E.C' Machniak
LAN Management System Developer [http://lms.org.pl]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [RCD] Not-so-unique filenames in $_FILES