tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-26 23:34:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

StaticController: Fix img file inclusion

Browse Source
This commit is contained in:
Alexander Fuhr 2014-09-08 12:59:22 +02:00
parent 7386ae5ef5
commit e8d526fcf9
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
application/controllers/StaticController.php
View File

@ -59,20 +59,12 @@ class StaticController extends ActionController
public function imgAction() public function imgAction()
{ {
$module = $this->_getParam('module_name'); $module = $this->_getParam('module_name');
// TODO: This is more than dangerous, must be fixed!!
$file = $this->_getParam('file'); $file = $this->_getParam('file');
$basedir = Icinga::app()->getModuleManager()->getModule($module)->getBaseDir(); $basedir = Icinga::app()->getModuleManager()->getModule($module)->getBaseDir();
$filePath = realpath($basedir . '/public/img/' . $file); $filePath = realpath($basedir . '/public/img/' . $file);
if (strpos($filePath, $basedir) === false) { if (! $filePath || strpos($filePath, $basedir) !== 0) {
throw new ActionException(sprintf(
'%s does not exist',
$filePath
), 404);
}
if (! file_exists($filePath)) {
throw new ActionException(sprintf( throw new ActionException(sprintf(
'%s does not exist', '%s does not exist',
$filePath $filePath