Dropbox: Security: Sanitize file name that could import document with special characters - refs BT#22273

Author: AngelFQC

main/inc/ajax/dropbox.ajax.php

@@ -82,7 +82,12 @@
                 foreach ($fileList as $file) {
                     if (isset($_REQUEST['chunkAction']) && 'done' === $_REQUEST['chunkAction']) {
                         // to rename and move the finished file
-                        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$file['name'];
+                        $tmpFile = disable_dangerous_file(
+                            api_replace_dangerous_char($file['name'])
+                        );
+
+                        // to rename and move the finished file
+                        $chunkedFile = api_get_path(SYS_ARCHIVE_PATH).$tmpFile;
                         $file['tmp_name'] = $chunkedFile;
                         $file['size'] = filesize($chunkedFile);
                         $file['copy_file'] = true;