Browse Source
Merge pull request #28726 from nextcloud/check-if-path-is-valid
Check if SVG path is validtags/v23.0.0beta1
Lukas Reschke
2 years ago
2 changed files with 6 additions and 1 deletions
+ 5
- 0
core/Controller/SvgController.php
View File
| @@ -31,6 +31,7 @@ declare(strict_types=1); | |||
| */ | |||
| namespace OC\Core\Controller; | |||
| use OC\Files\Filesystem; | |||
| use OC\Template\IconsCacher; | |||
| use OCP\App\AppPathNotFoundException; | |||
| use OCP\App\IAppManager; | |||
| @@ -117,6 +118,10 @@ class SvgController extends Controller { | |||
| * @return DataDisplayResponse|NotFoundResponse | |||
| */ | |||
| private function getSvg(string $path, string $color, string $fileName) { | |||
| if (!Filesystem::isValidPath($path)) { | |||
| return new NotFoundResponse(); | |||
| } | |||
| if (!file_exists($path)) { | |||
| return new NotFoundResponse(); | |||
| } | |||
+ 1
- 1
tests/Core/Controller/SvgControllerTest.php
View File
| @@ -183,7 +183,7 @@ class SvgControllerTest extends TestCase { | |||
| $this->appManager->expects($this->once()) | |||
| ->method('getAppPath') | |||
| ->with($appName) | |||
| ->willReturn(__DIR__ . '/../../../apps/' . $appName); | |||
| ->willReturn(realpath(__DIR__ . '/../../../apps/') . '/' . $appName); | |||
| $response = $this->svgController->getSvgFromApp($appName, $name, $color); | |||
Loading…