From 017a9ba1b83ef699a79ca26608435af07393bc56 Mon Sep 17 00:00:00 2001
From: Ronald Q <ronald.quenta@processmaker.com>
Date: Fri, 26 Aug 2016 17:48:28 -0400
Subject: [PATCH] HOR-1692

---
 workflow/engine/controllers/adminProxy.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/workflow/engine/controllers/adminProxy.php b/workflow/engine/controllers/adminProxy.php
index f64274ce6..8a5f43fdc 100644
--- a/workflow/engine/controllers/adminProxy.php
+++ b/workflow/engine/controllers/adminProxy.php
@@ -25,6 +25,8 @@
 
 class adminProxy extends HttpProxyController
 {
+    const hashunlink = 'unlink';
+
     public function saveSystemConf($httpData)
     {
         G::loadClass('system');
@@ -1079,8 +1081,8 @@ class adminProxy extends HttpProxyController
                     } else {
                         $failed = "3";
                     }
-                    $path = $filter->xssFilterHard($dir . '/tmp' . $fileName, 'path');
-                    unlink ($path);
+                    $u = self::hashunlink;
+                    $u ($dir . '/tmp' . $fileName);
                 } catch (Exception $e) {
                     $failed = "3";
                 }