agent foundation
This commit is contained in:
@@ -40,6 +40,7 @@ class ImportTempFileService
|
||||
return ['ok' => false, 'code' => 'unexpected_error'];
|
||||
}
|
||||
|
||||
// Lazy cleanup on each upload — removes abandoned files without needing a separate cron job.
|
||||
$this->cleanupExpired();
|
||||
|
||||
try {
|
||||
@@ -47,6 +48,8 @@ class ImportTempFileService
|
||||
} catch (\Throwable $exception) {
|
||||
$target = $dir . '/import_' . str_replace('.', '', uniqid('', true)) . '.csv';
|
||||
}
|
||||
// Real uploads use move_uploaded_file (validates PHP upload context).
|
||||
// Fallback rename/copy path handles test uploads without a real HTTP context.
|
||||
$moved = false;
|
||||
if (is_uploaded_file($tmpName)) {
|
||||
$moved = @move_uploaded_file($tmpName, $target);
|
||||
@@ -122,6 +125,7 @@ class ImportTempFileService
|
||||
return in_array($extension, ['csv', 'txt'], true);
|
||||
}
|
||||
|
||||
// Resolves both paths via realpath to prevent path traversal attacks (e.g. "../../../etc/passwd").
|
||||
private function isInTmpDir(string $path): bool
|
||||
{
|
||||
$tmpDir = $this->tmpDir();
|
||||
|
||||
Reference in New Issue
Block a user