Diffstat (limited to 'framework/Web/UI/ActiveControls/TActiveFileUpload.php')
-rwxr-xr-xframework/Web/UI/ActiveControls/TActiveFileUpload.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/framework/Web/UI/ActiveControls/TActiveFileUpload.php b/framework/Web/UI/ActiveControls/TActiveFileUpload.php
index 98a7f422..1a49c20d 100755
--- a/framework/Web/UI/ActiveControls/TActiveFileUpload.php
+++ b/framework/Web/UI/ActiveControls/TActiveFileUpload.php
@@ -233,7 +233,7 @@ EOS;
if ($mgr = Prado::getApplication()->getSecurityManager())
{
// this is a less secure method, file info can be still forged from client side, but only if attacker knows the secret application key
- $token = base64_encode($mgr->encrypt(serialize($params)));
+ $token = urlencode(base64_encode($mgr->encrypt(serialize($params))));
}
else
throw new Exception('TActiveFileUpload needs either an application level cache or a security manager to work securely');
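Review bot: The `urlencode()` added around the token is only correct if the receiving side decodes exactly once, and the matching `urldecode($token)` in the second hunk may decode a second time if `$token` is read from a PHP request variable, which PHP has already URL-decoded. In that case a literal `+` in the base64 text becomes a space, the lenient `base64_decode()` silently drops it, and decryption fails for some tokens. Where `$token` is read is outside both hunks, so this needs confirming against the caller. A URL-safe alphabet avoids the question: `$token = strtr(base64_encode($mgr->encrypt(serialize($params))), '+/', '-_');` with the reverse `strtr($token, '-_', '+/')` before `base64_decode()`.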
@@ -253,7 +253,7 @@ EOS;
else
if ($mgr = Prado::getApplication()->getSecurityManager())
{
- $v = $mgr->decrypt(base64_decode($token));
+ $v = $mgr->decrypt(base64_decode(urldecode($token)));
$params = unserialize($v);
}
else
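Review bot: `unserialize($v)` runs on data recovered from a token that has been round-tripped through the client, and nothing in this hunk checks that `decrypt()` succeeded or that the ciphertext was authenticated before it is deserialized. Whether the security manager's `encrypt()`/`decrypt()` also provide integrity is not visible here; if they do not, a tampered token can reach `unserialize()` and instantiate classes the application never intended. If `$params` holds only scalars and arrays, and the supported PHP version allows it, restrict the call with `$params = unserialize($v, ['allowed_classes' => false]);` and reject the request when the result is `false` or not an array. Serializing with `json_encode()`/`json_decode()` instead would remove the object-instantiation risk entirely. The enclosing function starts and ends outside the hunk.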