From 3035efac65ca2f7977916bd117056aa411776dfd Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Fri, 14 Aug 2020 11:46:19 +0200
Subject: [PATCH] static/img: Make sure to correctly access module images fixes #4226
---
 application/controllers/StaticController.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/application/controllers/StaticController.php b/application/controllers/StaticController.php
index 3667ef67f..d75ef7243 100644
--- a/application/controllers/StaticController.php
+++ b/application/controllers/StaticController.php
@@ -68,16 +68,16 @@ class StaticController extends Controller
 */
 public function imgAction()
 {
- $moduleRoot = Icinga::app()
+ $imgRoot = Icinga::app()
 ->getModuleManager()
 ->getModule($this->getParam('module_name'))
- ->getBaseDir();
+ ->getBaseDir() . '/public/img/';
 $file = $this->getParam('file');
- $filePath = realpath($moduleRoot . '/public/img/' . $file);
+ $filePath = realpath($imgRoot . $file);
- if ($filePath === false) {
- $this->httpNotFound('%s does not exist', $filePath);
+ if ($filePath === false || substr($filePath, 0, strlen($imgRoot)) !== $imgRoot) {
+ $this->httpNotFound('%s does not exist', $file);
 }
 if (preg_match('/\.([a-z]+)$/i', $file, $m)) {
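Review bot: The new prefix test in `imgAction()` compares the canonical `$filePath` returned by `realpath()` against an `$imgRoot` that is never canonicalised, so if the module's base directory is reached through a symlink or a non-normalised path, every legitimate image fails the comparison and is answered with a 404. The check fails closed, so the traversal guard itself holds, but resolving the root first keeps containment correct for such installs: `$imgRoot = realpath($imgRoot);` with `strpos($filePath, $imgRoot . DIRECTORY_SEPARATOR) !== 0` as the rejection condition, and a `false` root treated as not found. A short comment above the condition, such as `// Reject anything that resolves outside the module's public/img directory`, would record why the prefix comparison exists. The 404 message now carries the request-supplied `$file`; whether `httpNotFound()` escapes it is not visible in this hunk, so that is worth confirming. The body of `imgAction()` continues past the end of the hunk.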