Renamining files based on the time - potential overwrite issue
1. Vulnerability: Prevent potential overwrites of the file names in AlbumController.php and LaguController.php
//current approach:
$target_path_image = $target_dir . "album-" . time() . "-" . $filename . "." . $ext;
$temp_name = $formData['image_file']['tmp_name'];
$storage->copy($temp_name, $target_path_image);
$target_path_image = "/storage/" . $target_path_image;
2. Exploit:
In high-traffic scenarios, where multiple files could potentially be uploaded in the same second, there is still a small chance of overwriting. This is especially true if the original file names are common or predictable.
3. Fix:
This issue was fixed with this commit: 1d9d5b08 and a8e0c7cf
Edited by Lukáš Radovanský