Tightened checks when removing a media file, cleanup

2025-11-12 16:26:07 +01:00 · 2020-11-06 15:05:33 +02:00
parent b9ac46fd13
commit a6f0f4945f
4 changed files with 10 additions and 14 deletions
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
@@ -1821,14 +1821,10 @@ class AdminController extends AdminBaseController
            return false;
        }

-        $filename = !empty($this->post['filename']) ? $this->post['filename'] : null;
+        $filename = !empty($this->post['filename']) ? basename($this->post['filename']) : null;

        // Handle bad filenames.
-        if (!Utils::checkFilename($filename)) {
-            $filename = null;
-        }
-
-        if (!$filename) {
+        if (!$filename || !Utils::checkFilename($filename)) {
            $this->admin->json_response = [
                'status'  => 'error',
                'message' => $this->admin::translate('PLUGIN_ADMIN.NO_FILE_FOUND')