Work: Security: Sanitize file name that could import document with special characters - refs BT#22273

AngelFQC · AngelFQC · commit 7212fb2a1e00 · 2024-12-06T15:52:10.000-05:00
diff --git a/main/inc/ajax/document.ajax.php b/main/inc/ajax/document.ajax.php
@@ -153,17 +153,8 @@
                 }
 
                 $resultList = [];
-                foreach ($fileList as $file) {
-                    if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
-                        // to rename and move the finished file
-                        $tmpFile = disable_dangerous_file(
-                            api_replace_dangerous_char($file['name'])
-                        );
-                        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$tmpFile;
-                        $file['tmp_name'] = $chunkedFile;
-                        $file['size'] = filesize($chunkedFile);
-                        $file['copy_file'] = true;
-                    }
+                foreach ($fileList as $fileInfo) {
+                    $file = processChunkedFile($fileInfo);
 
                     $globalFile = [];
                     $globalFile['files'] = $file;
diff --git a/main/inc/ajax/dropbox.ajax.php b/main/inc/ajax/dropbox.ajax.php
@@ -79,19 +79,8 @@
                 }
 
                 $resultList = [];
-                foreach ($fileList as $file) {
-                    if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
-                        // to rename and move the finished file
-                        $tmpFile = disable_dangerous_file(
-                            api_replace_dangerous_char($file['name'])
-                        );
-
-                        // to rename and move the finished file
-                        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$tmpFile;
-                        $file['tmp_name'] = $chunkedFile;
-                        $file['size'] = filesize($chunkedFile);
-                        $file['copy_file'] = true;
-                    }
+                foreach ($fileList as $fileInfo) {
+                    $file = processChunkedFile($fileInfo);
 
                     $globalFile = [];
                     $globalFile['files'] = $file;
diff --git a/main/inc/ajax/work.ajax.php b/main/inc/ajax/work.ajax.php
@@ -120,14 +120,8 @@
                 }
 
                 $resultList = [];
-                foreach ($fileList as $file) {
-                    if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
-                        // to rename and move the finished file
-                        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$file['name'];
-                        $file['tmp_name'] = $chunkedFile;
-                        $file['size'] = filesize($chunkedFile);
-                        $file['copy_file'] = true;
-                    }
+                foreach ($fileList as $fileInfo) {
+                    $file = processChunkedFile($fileInfo);
 
                     $globalFile = [];
                     $globalFile['files'] = $file;
diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php
@@ -2255,3 +2255,20 @@ function getFileUploadSizeLimitForTeacher()
 
     return $size;
 }
+
+function processChunkedFile(array $file): array
+{
+    if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
+        // to rename and move the finished file
+        $tmpFile = disable_dangerous_file(
+            api_replace_dangerous_char($file['name'])
+        );
+
+        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH) . $tmpFile;
+        $file['tmp_name'] = $chunkedFile;
+        $file['size'] = filesize($chunkedFile);
+        $file['copy_file'] = true;
+    }
+
+    return $file;
+}
