@@ -114,15 +114,32 @@ public function moveTo(string $targetPath): void
114114 throw new Exception ($ this getUploadErrorMessage ($ this error ));
115115 }
116116
117+ // Check if this is a legitimate uploaded file (POST method uploads)
117118 $ isUploadedFileis_uploaded_file ($ this tmpName ) === true ;
118- if (
119- $ isUploadedFiletrue
120- &&
121- move_uploaded_file ($ this tmpName , $ targetPathfalse
122- ) {
123- throw new Exception ( ' Cannot move uploaded file ' ); // @codeCoverageIgnore
124- } elseif ($ isUploadedFile === false && getenv ('PHPUNIT_TEST ' )) {
119+
120+ if ( $ isUploadedFiletrue ) {
121+ // Standard POST upload - use move_uploaded_file for security
122+ if ( move_uploaded_file ($ this tmpName , $ targetPathfalse ) {
123+ throw new Exception ( ' Cannot move uploaded file ' ); // @codeCoverageIgnore
124+ }
125+ } elseif (getenv ('PHPUNIT_TEST ' )) {
125126 rename ($ this tmpName , $ targetPath
127+ } elseif (file_exists ($ this tmpName ) === true && is_readable ($ this tmpName ) === true ) {
128+ // Handle non-POST uploads (PATCH, PUT, DELETE) or other valid temp files
129+ // Verify the file is in a valid temp directory for security
130+ $ tempDirsys_get_temp_dir ();
131+ $ uploadTmpDirini_get ('upload_tmp_dir ' ) ?: $ tempDir
132+
133+ if (strpos (realpath ($ this tmpName ), realpath ($ uploadTmpDir0 ||
134+ strpos (realpath ($ this tmpName ), realpath ($ tempDir0 ) {
135+ if (rename ($ this tmpName , $ targetPathfalse ) {
136+ throw new Exception ('Cannot move uploaded file ' );
137+ }
138+ } else {
139+ throw new Exception ('Invalid temporary file location ' );
140+ }
141+ } else {
142+ throw new Exception ('Temporary file does not exist or is not readable ' );
126143 }
127144 }
128145
0 commit comments