tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

StaticController: Fix img file inclusion

This commit is contained in:
Alexander Fuhr 2014-09-08 12:59:22 +02:00
parent 7386ae5ef5
commit e8d526fcf9
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
application/controllers/StaticController.php
View File

@ -59,20 +59,12 @@ class StaticController extends ActionController
public function imgAction()
{
$module = $this->_getParam('module_name');
// TODO: This is more than dangerous, must be fixed!!
$file = $this->_getParam('file');
$basedir = Icinga::app()->getModuleManager()->getModule($module)->getBaseDir();
$filePath = realpath($basedir . '/public/img/' . $file);
if (strpos($filePath, $basedir) === false) {
throw new ActionException(sprintf(
'%s does not exist',
$filePath
), 404);
}
if (! file_exists($filePath)) {
if (! $filePath || strpos($filePath, $basedir) !== 0) {
throw new ActionException(sprintf(
'%s does not exist',
$filePath