From 77adfcb8313d4e8fabc55e1faca568931817c66e Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Mon, 6 May 2024 11:31:23 +0100
Subject: [PATCH] missed a check in MediaUploadTrait::checkFileMetadata()
---
 CHANGELOG.md | 1 +
 system/src/Grav/Common/Media/Traits/MediaUploadTrait.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 966b2f2ed..913a58151 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 * Better handling of external protocols in `Utils::url()` such as `mailto:`, `tel:`, etc.
 1. [](#bugfix)
 * Fixes for multi-lang taxonomy when reinitializing the languages (e.g. LangSwitcher plugin)
+ * Ensure the full filepath is checked for invalid filename in `Utils::checkFileMetadata()`
 # v1.7.45
 ## 03/18/2024
diff --git a/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php b/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php
index 36becdfba..2b1c3bbee 100644
--- a/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php
+++ b/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php
@@ -156,7 +156,7 @@ trait MediaUploadTrait
 $filepath = $folder . $filename;
 // Check if the filename is allowed.
- if (!Utils::checkFilename($filename)) {
+ if (!Utils::checkFilename($filepath)) {
 throw new RuntimeException(
 sprintf($this->translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_UPLOAD'), $filepath, $this->translate('PLUGIN_ADMIN.BAD_FILENAME'))
 );
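Review bot: In the `MediaUploadTrait.php` hunk, `Utils::checkFilename()` now receives `$folder . $filename`, but its body is not part of this patch, so it is not visible here whether a validator written for a bare filename treats directory separators and the folder component the way this call now needs. If it rejects slashes, every upload with a non-empty `$folder` would presumably fail; if it only looks at the last segment or the extension, the folder part would still go unchecked, so this is worth confirming with a test that covers both an ordinary subfolder and a folder value that should be refused. The context comment above the call is also stale and could read `// Check that the full path (folder + filename) is allowed.`. The enclosing method starts and ends outside the hunk.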