From ae288f251dc7521badc3647cb5c3c8d9639b7fee Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Wed, 7 Apr 2021 17:37:36 +0200
Subject: [PATCH] upload: disallow overwrites of existing file names

Not a solution for reusing the same name, but prevents silent replacement
allowing the user to retry.

Reported-by: Fulco Jongsma
---
 upload.inc.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/upload.inc.php b/upload.inc.php
index 6175fe2..e70f573 100644
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -27,6 +27,9 @@ function userupload($input, $target = NULL, $filename = NULL)
 		$target .= $input['name'];
 	}
 
+	if (file_exists($target)) {
+		throw new Exception("bestandsnaam al aanwezig op $target");
+	}
 	if (!@move_uploaded_file($input['tmp_name'], $target)) {
 		throw new Exception("bestand kon niet worden opgeslagen in $target");
 	}
-- 
2.30.0