From 787c32fdf5f925f9dfc9e8df024242532b00252a Mon Sep 17 00:00:00 2001
From: Fabian Schieder
Date: Sun, 25 Jan 2026 23:19:39 +0100
Subject: [PATCH] Refactor filename generation for user uploads to use a timestamp for uniqueness and filesystem safety
---
.../user_10_69769485461a7618397775.jpg | Bin 0 -> 6779 bytes
upload.php | 8 ++++----
2 files changed, 4 insertions(+), 4 deletions(-)
create mode 100644 assets/images/profilePictures/user_10_69769485461a7618397775.jpg
diff --git a/assets/images/profilePictures/user_10_69769485461a7618397775.jpg b/assets/images/profilePictures/user_10_69769485461a7618397775.jpg new file mode 100644 index 0000000000000000000000000000000000000000..20da0557dd46bf4ee06f88242670f3d3b2416397 GIT binary patch literal 6779 zcmeHKX;_m;*1(P(0I);+0HV>Izg)g}(f#T*l=WqV)i=e?p94H`q+Q3&BYsG4XMDYT}_~Z7t#~*ln8+-qO*S0ay;o3z2 z*eNB(C%pf_+S}OU54@er2~Qs)PCO?-j8EYLLd0wMCfk`vdEp)H#l7OU4+*#iz<~?E z3BUsg0epb~AQ;dQ_joa9|Jv@{H#=K^Ahz)ow}C)7Konbe13qF~ZSiObKmxqPJytyK zC4K_LGsLpZ{dNxke{xE~Lbv^iQ`K@o|B`2Zl%3jn{R z{b^4~6Vo{_9{>5zu~Rt!aPSTQysG=*ZW=nzxqG;7W>}z59Id%fI}nzAld;SBNG7B#qkbeL|ot^uy@ZM$vwOGN=i!Z z+qZYW)DdZ^0|%sz9|j*hq9m`PtR%0fc;b|<#tBtzHAThKhG(?DgXrn$sc0CR8J#oL zh3cK#cCusNzI{>$q>f2TA3Jwa@#MMxvxt5JKzn!myyIty9jd@i&<+XE4pF0cLx>O4 zPKoUk^$(HUy=RBS-d#JzTGS!&F_YN2V~^y4eY+n%vwr^K$^pgod@PeRVyfemg3 z-G1=$$Wc{d@WZDs-o9hXs-3%V&EAp3P>1U2-;ulMk+x{%d5hBUX=Icyb|^0nBo6k! zqKO^u-nB5WD-pZjvun@JZ;bvC47B?s!+jM(=jeqY7 z%F)m#Q-gill>s9RPw&wDVISvv312|^SHR$B@y2`(;7)vNc7|?$E&sdv(BG3kSZ4FK z%$^Mi#C5RU-yjuvm6MH~2!UF-`*NwqLHOHz@Zoj?9;;^vIt1mOuHU&fO^u4EO?VQ` zenJ`UE$*$DG+tngu=PsJT=$n?KIrvVI^SwWLWjV8<_-!NX4z+xiaCXi&U0kSB-bh! z9jgahxu%p)`hFODcZmX$9SJC9AXv|%z0Xf z-`OiR$BuPv5qYkJN-GH0VO>?_$Vvwv^0K)_1W4OHpmu~JYZ=6%_;i|yPyWliQ=J$A zELB@a_HoE@k2+F zHCi_!WjZRz5uckb6?&*WVNSV`Y>KVBUoOwgOs&bUQt1M$VSJu0Yrh;2n5z`wR_kt| zocMJCu_mu;U#n*iezk$JUV_vKxdB~kTd|e$X(HgPAXu|TZWN!fS@y~v+A_6l1nHo! 
zqz`J<4J}~3`@7YI?e$qQ(Vd=O4YmSchQ1hhGqXX^gpRFc#n61Hby04UE9(YnmiYem zC$jRZWv!-JaaD66YYMRj@^DSr&-r&tmQGVMzB(#F6k#zLCu4Xwgn`=_iO9}I)9zK(R{PS@dFh!R zCQ;M2IJ}fGthjl(0J}(y%d>0}LS?ZLvy^^2=Z->O#M+zNw2yNeZ)7IOf#iGiOc7u^ zCzIb=*&n1p*yqmBSkg!Y{o3#BR%lbuzFSbl!(@J1a;JRIFAmzgTwPdDD?QyJ>*| zH4KUX|KK&WVZ(dQ1W!QA*^*YyNO8ErosYEGrZs*fNoMdirLUnd%g}pdkZyslnq3Zs zKRoXL6*tyLUuhl93bxmGbm(A$l%VJ0gMET4-o~wj{1Urzc?^x7q81DdJQTF1*X!-dfJLaDs}{ zNQp;;FN$X$MROkArPjSzi(EhTFrSFRCuW!wnkV>i5+ex;t6kZx4_Y+VN}Wet1vBUf z(<$loOu@#Px+%s+R;&SN(Eb@US(9>_dM1U)WP&PjHYWP5aY<=Wk5lLcH!GWFL4_-K zc`XB3j*Hm8IJ#1bruwHdJy$0xB6FL!m*uaRz4j!YKOafto_KQO;fsFzR;3#|8)LUw zT`L32^AtIJo+Dxv3HmNCNCbdq<#j7PRV1Llp=piIj^;86mAN5y_3z^6Lcd$uyyk!njKQ?Q&6^EY zz-Fmn)-uv=TGibwCh;gAy^>U_xPEe2`^zuiYO!?U?Wj;zjM>lxua}!|R_bs_nJ*qfIX5uH<70!jj*D0~+s+natW<8l^ZHkWI@D(hV9)}tbn|uuC#}~J9Vpd3Q z+}GX3^rBf>5mntQji(a9t#GMi@1KxpPO=eNOn)p6bdKkEf2r%c68=4Z?3xHbi7R3M z(b3Rvm2kN6W7Is#Jv16RrYqg8Pd`~^xIYn!#W4{`vO&&R*;9nZEz3D}m+y3LPU5oV zSSnss*lht9&dQYr))oAMt|Xf$2D3tos2P+xGUBWdd}c~ZWg;_ni6%%r+{|8VGYaIa zWDKgDJ>_0l5?&%)F^2rTnAH`kMwA1%7U>cUo{FP-L_o>Y|J zpCs_EyP5Bso$H?w-u=1l{Z|8X{)nz4F(c=VhpM`FbnO9WyYkD2y+_s-PytJ-n#FS|C=xLk{d+~k1V_jDsH0zfd zBsGV|UEDP{DhyX|w^pvp%C*+xr;NPYSUr8$tgEi_U#2`{u5`W3$2<$`gSYqyW}Hl3t<`^sXb2ylYOFz}khqWg zq*1APhxz7aop{$)(&my1MjeyZ`o%Caew`O`s(dB^Bm4@L1+9!He#@ zW?st=l-gWlAQJ*C+hr%8(P%U2>B&Vo6vL(UqsNy)U9aY2Kk#kwt61_->C`BtAW(Vu=q2(j-|IsnBayy!Nd!#D zRBn2Tua+5Q{HS&G<4_#L_6FY83Ib!v5gak_tnkl{BA^c&zp*(`pMl!yKA5m3XY=uO z%vOwkKaI}KR8^e_ZVP6E%2*)qcB3@n6P%zWe5W3E%9 zqr3n`IhaW|FooHy7#l+0-<67&`L}z*NH@~V>=I$z2cuBJqVUztku8&B z{qc;@$f9C=o*u$d@E82^C3f?gnOCHndA;v=t-kWr;9^0U6#Lk+BaxSwHkfcGX|l93 zp38LTeEO=f@jV~bSd|{1TyP^**XTpCulZRhj`fOFCu|h~8uH5483nhzyjL*1tOO>Z1LhwQ>Ik8~EaxiG3<(zAjuJ#at4L2$TsmGPOgazSwhs#VA9zm4u0J%teF6j|J6{lN$Kkfw9(}DhGb5!uShbS9ciM zp%~u7hmzB&i4WvV%TZSDmYoHmQZwE%)vS7*_1b+P(3vSs@%5v8L%yQg!Z^jjwF36>d&5$we8R|NFW^Xd|c)njieAj3ek!H>dW>r?l5*WmKwb2QWEw&m|42K`pCsTdfZ`i}OX1jt4W!fw^cqyzQ zsETLapYdecU?RYzT?DuYML@;EKlAm^4r;76$bZ*o)En_rR?jRwKH>CGIOkc0;BayS 
zEr(TpCNB(Zz8z; zD2olV2d#cr3soP0ffTfgd&axEwS4Yz^VH#1>@uH-()*j?8Cj&o&qF@+_*rTce!)_p&+(kn(P+p^83i?)vX;X5((p#1bJ3W&Qf6q5vx@KBVC*hZJmfhf zBx`VG+_g52yp%@Lh?T5&GmjS-cqleLP>?T;UIBspn$>yl`hOW@&e{F+j9aEAdykVa zoilHzG+-7qom6|3a+9BOaMG@$qNulUOQ9mnc*XJMfse!K1IsKvqSwD~R)tKd6|hX@ z{`R$5?(J63PlbdVbJ$q<&+^granCq!oV^S*-q{L=Bq?Ulz1Cb1OyMG>-~Uwebcq37 zYs@rPHIIa*1}*v)hvi4lRGFnZ2p=pj>)W;2{(fuXL)5FRLGmN_+iOp(S+89c6rfib zSmDtgs8!^G0voDw(Q~tWWN5T^OT0gByzZZ~{m5)?dO7y%H7&)eFcE;OOw+MH;MfCM z7`Y`r+eUm#w&k+r5-q1L-Or3@JYxehxc=cG!OROYqI-^|76&QuyZ(6YmP?8x zC4kOwS%*7g(18p5Z(Gofic$0N^&DOIy+mii43c40g2mZzs-M~0SQsx{{Z?!MA-lU literal 0 HcmV?d00001 diff --git a/upload.php b/upload.php index 1878784..ab33f56 100644 --- a/upload.php +++ b/upload.php @@ -106,10 +106,10 @@ if (!is_writable($targetDir)) exit(); } -// Fallback-kompatibler Name (auch ohne random_bytes) -$rand = uniqid('', true); -$rand = str_replace('.', '', $rand); -$filename = 'user_' . $userId . '_' . $rand . '.' . $ext; +// Dateiname: user__. +// Format ist dateisystem-sicher (keine Doppelpunkte) und eindeutig genug. +$timestamp = gmdate('Ymd-His'); +$filename = 'user_' . $userId . '_' . $timestamp . '.' . $ext; $targetPath = rtrim($targetDir, "\\/") . DIRECTORY_SEPARATOR . $filename; if (!move_uploaded_file($tmp, $targetPath))
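Review bot: `gmdate('Ymd-His')` has one-second resolution, so the new `$filename` is not unique: two uploads for the same `$userId` within the same second resolve to the same `$targetPath`, and `move_uploaded_file()` overwrites an existing destination without reporting an error. The name also becomes derivable from the user id and the upload time, which makes stored files enumerable in a way the removed `uniqid('', true)` suffix made less trivial. Keeping the readable timestamp and appending a CSPRNG suffix addresses both: `$filename = 'user_' . $userId . '_' . gmdate('Ymd-His') . '_' . bin2hex(random_bytes(8)) . '.' . $ext;` (the removed comment suggests the code once had to run without `random_bytes()`, so confirm the minimum PHP version first). How `$ext` and `$userId` are validated lies outside this hunk and cannot be judged from here. The commit also adds what appears to be an uploaded profile picture under `assets/images/profilePictures/`; user content normally belongs in an ignored directory rather than in version control.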