From a9f4342ad2dc9da4848bb9de0868af3940670170 Mon Sep 17 00:00:00 2001
From: anonymoususer72041 <247563575+anonymoususer72041@users.noreply.github.com>
Date: Wed, 3 Jun 2026 11:27:56 +0200
Subject: [PATCH 1/2] Harden import temporary file handling

---
 modules/import/ImportUI.php | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/modules/import/ImportUI.php b/modules/import/ImportUI.php
index cd3f8afdd..805a5b371 100755
--- a/modules/import/ImportUI.php
+++ b/modules/import/ImportUI.php
@@ -509,7 +509,6 @@ private function onImport()
         }
 
         /* Get file metadata. */
-        $originalFilename = $_FILES['file']['name'];
         $tempFilename = $_FILES['file']['tmp_name'];
         $contentType = $_FILES['file']['type'];
         $fileSize = $_FILES['file']['size'];
@@ -552,14 +551,7 @@ private function onImport()
         @chmod(CATS_TEMP_DIR, 0777);
 
         /* Make a random file name for the file. */
-        if ($dataType != 'Resume')
-        {
-            $randomFile = FileUtility::makeRandomFilename($tempFilename) . '.tmp';
-        }
-        else
-        {
-            $randomFile = $originalFilename;
-        }
+        $randomFile = FileUtility::makeRandomFilename($tempFilename) . '.tmp';
 
         /* Build new path information for the file. */
         $newFileFullPath = CATS_TEMP_DIR . '/' . $randomFile;
@@ -592,6 +584,16 @@ private function onImport()
                 break;
 
             default:
+                @unlink($newFileFullPath);
+                $validFileIDKey = array_search(
+                    $randomFile,
+                    $_SESSION['CATS']->validImportFileIDs,
+                    true
+                );
+                if ($validFileIDKey !== false)
+                {
+                    unset($_SESSION['CATS']->validImportFileIDs[$validFileIDKey]);
+                }
                 $this->_template->assign(
                     'errorMessage',
                     'No parser exists for the specified data type.'

From ba0acbda81884edf3e0118790558bd4589065ffe Mon Sep 17 00:00:00 2001
From: anonymoususer72041 <247563575+anonymoususer72041@users.noreply.github.com>
Date: Wed, 3 Jun 2026 11:28:30 +0200
Subject: [PATCH 2/2] Validate staged import file identifiers

---
 modules/import/ImportUI.php | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
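Review bot: The generated `.tmp` name is now used for resume uploads as well, so the original extension the old `else` branch preserved is gone; if a downstream resume parser picks its handler by extension (not visible here), that path silently regresses. If that is the case, carry the type separately, for example pass `$contentType` or a whitelisted extension alongside `$randomFile`, rather than reinstating the user-supplied name. Removing the user-controlled filename from the temp path is the right direction. onImport's body continues outside the hunk.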
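Review bot: The new `array_search` in the `default:` branch reads `$_SESSION['CATS']->validImportFileIDs` with no check that the property exists and is an array; on PHP 8 a missing or non-array value makes `array_search` throw a TypeError, and on PHP 7 it returns null, which passes `!== false` and reaches `unset` on a non-array. Wrap the search and the unset in `if (isset($_SESSION['CATS']->validImportFileIDs) && is_array($_SESSION['CATS']->validImportFileIDs))`, the same guard the second patch's `isValidImportFileID` uses. A one-line comment above `@unlink($newFileFullPath)` saying that a staged file with no parser must neither stay on disk nor keep a valid ID would make the intent clear. onImport continues outside the hunk.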
diff --git a/modules/import/ImportUI.php b/modules/import/ImportUI.php
index 805a5b371..ee9ebd772 100755
--- a/modules/import/ImportUI.php
+++ b/modules/import/ImportUI.php
@@ -60,6 +60,15 @@ public function __construct()
         $this->_subTabs = array();
     }
 
+    private function isValidImportFileID($fileID)
+    {
+        return $fileID != '' &&
+            $fileID === basename($fileID) &&
+            isset($_SESSION['CATS']->validImportFileIDs) &&
+            is_array($_SESSION['CATS']->validImportFileIDs) &&
+            in_array($fileID, $_SESSION['CATS']->validImportFileIDs, true);
+    }
+
     public function handleRequest()
     {
 
@@ -471,6 +480,19 @@ private function onImport()
         /* If a file was submitted, then the user sent what colums he wanted to use already. */
         if (isset($_POST['fileName']))
         {
+            $fileName = $this->getTrimmedInput('fileName', $_POST);
+            if (!$this->isValidImportFileID($fileName))
+            {
+                $this->_template->assign(
+                    'errorMessage',
+                    'Invalid staged import file.'
+                );
+                $this->import();
+                return;
+            }
+
+            $_POST['fileName'] = $fileName;
+
             if ($_SESSION['CATS']->isDemo())
             {
                 CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Demo user can not import data.');
@@ -763,11 +785,20 @@ public function onImportFieldsDelimited()
             CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.');
         }
 
-        $filePath = CATS_TEMP_DIR . '/' . $_POST['fileName'];
+        $fileName = $this->getTrimmedInput('fileName', $_POST);
+        if (!$this->isValidImportFileID($fileName))
+        {
+            $this->_template->assign('errorMessage', 'Invalid staged import file.');
+            $this->import();
+            return;
+        }
+
+        $filePath = CATS_TEMP_DIR . '/' . $fileName;
         if (!is_file($filePath))
         {
             $this->_template->assign('errorMessage', 'Invalid filename. (Internal error)');
             $this->import();
+            return;
         }
 
         $dataContaining = $this->getTrimmedInput('dataContaining', $_POST);
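Review bot: `isValidImportFileID` never checks that `$fileID` is a string, and `$fileID != ''` is a loose comparison, so unless `getTrimmedInput` already rejects non-strings (not visible here) a `fileName[]=` POST field reaches `basename()` as an array, which is a TypeError on PHP 8. Start the conjunction with `is_string($fileID) && $fileID !== '' &&` so the remaining tests only ever see a string. The method also has no documentation; a docblock such as `/** True only when $fileID is a bare file name (basename equals itself, so no path components) that this session staged for import. */` would explain why the `basename` equality test is there.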
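Review bot: `$_POST['fileName'] = $fileName;` rewrites a superglobal with nothing saying why; presumably the rest of `onImport`, which continues outside the hunk, still reads `$_POST['fileName']` directly, and that deserves a comment such as `/* Later steps read $_POST['fileName'] directly; keep it equal to the validated, trimmed value. */`. The rejection block here and the one added to `onImportFieldsDelimited` repeat the same `'Invalid staged import file.'` assignment followed by `import()` and `return`; one private helper for that sequence would keep the two entry points from drifting apart.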
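Review bot: When `is_file($filePath)` fails, the ID stays in `$_SESSION['CATS']->validImportFileIDs` although the staged file is gone, while the `default:` branch in `onImport` removes the ID in the same situation in the first patch; dropping it here too keeps the session list honest, `$key = array_search($fileName, $_SESSION['CATS']->validImportFileIDs, true);` then `if ($key !== false) { unset($_SESSION['CATS']->validImportFileIDs[$key]); }`, and the array is known to exist because `isValidImportFileID` just checked it. The added `return;` after the existing error assignment is the right fix for the fall-through the old code had. `onImportFieldsDelimited` continues outside the hunk.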