tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

static/img: Make sure to correctly access module images 

fixes #4226
This commit is contained in:
Johannes Meyer 2020-08-14 11:46:19 +02:00
parent 250ae929dd
commit 3035efac65
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
application/controllers/StaticController.php
View File

@ -68,16 +68,16 @@ class StaticController extends Controller
*/
public function imgAction()
{
$moduleRoot = Icinga::app()
$imgRoot = Icinga::app()
->getModuleManager()
->getModule($this->getParam('module_name'))
->getBaseDir();
->getBaseDir() . '/public/img/';
$file = $this->getParam('file');
$filePath = realpath($moduleRoot . '/public/img/' . $file);
$filePath = realpath($imgRoot . $file);
if ($filePath === false) {
$this->httpNotFound('%s does not exist', $filePath);
if ($filePath === false || substr($filePath, 0, strlen($imgRoot)) !== $imgRoot) {
$this->httpNotFound('%s does not exist', $file);
}
if (preg_match('/\.([a-z]+)$/i', $file, $m)) {