tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4227 from Icinga/fix/incorrect-module-image-delivery 

static/img: Make sure to correctly access module images
This commit is contained in:
Johannes Meyer 2020-08-19 11:02:23 +02:00 committed by GitHub
parent 250ae929dd 3035efac65
commit 86ca586dd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
application/controllers/StaticController.php
View File

@ -68,16 +68,16 @@ class StaticController extends Controller
*/
public function imgAction()
{
$moduleRoot = Icinga::app()
$imgRoot = Icinga::app()
->getModuleManager()
->getModule($this->getParam('module_name'))
->getBaseDir();
->getBaseDir() . '/public/img/';
$file = $this->getParam('file');
$filePath = realpath($moduleRoot . '/public/img/' . $file);
$filePath = realpath($imgRoot . $file);
if ($filePath === false) {
$this->httpNotFound('%s does not exist', $filePath);
if ($filePath === false || substr($filePath, 0, strlen($imgRoot)) !== $imgRoot) {
$this->httpNotFound('%s does not exist', $file);
}
if (preg_match('/\.([a-z]+)$/i', $file, $m)) {