tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-23 13:54:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

static/img: Make sure to correctly access module images

Browse Source 
fixes #4226
This commit is contained in:
Johannes Meyer 2020-08-14 11:46:19 +02:00
parent 250ae929dd
commit 3035efac65
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
application/controllers/StaticController.php
View File

@ -68,16 +68,16 @@ class StaticController extends Controller
*/ */
public function imgAction() public function imgAction()
{ {
$moduleRoot = Icinga::app() $imgRoot = Icinga::app()
->getModuleManager() ->getModuleManager()
->getModule($this->getParam('module_name')) ->getModule($this->getParam('module_name'))
->getBaseDir(); ->getBaseDir() . '/public/img/';
$file = $this->getParam('file'); $file = $this->getParam('file');
$filePath = realpath($moduleRoot . '/public/img/' . $file); $filePath = realpath($imgRoot . $file);
if ($filePath === false) { if ($filePath === false || substr($filePath, 0, strlen($imgRoot)) !== $imgRoot) {
$this->httpNotFound('%s does not exist', $filePath); $this->httpNotFound('%s does not exist', $file);
} }
if (preg_match('/\.([a-z]+)$/i', $file, $m)) { if (preg_match('/\.([a-z]+)$/i', $file, $m)) {