Check if SVG path is valid

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
author: Lukas Reschke <lukas@statuscode.ch> 2021-09-06 10:46:12 +0000
committer: GitHub <noreply@github.com> 2021-09-06 10:46:12 +0000
commit: dd054b2ee84af84c4da6fb52a6f6b7311dd8bb72 (patch)
tree: 55d6aac1191f5f86d68be813ca91e3cc42e649e2 /core/Controller
parent: 33a0b75c83a1c56fa84b98d3a07a26b5c4932b65 (diff)
download: nextcloud-server-dd054b2ee84af84c4da6fb52a6f6b7311dd8bb72.tar.gz
nextcloud-server-dd054b2ee84af84c4da6fb52a6f6b7311dd8bb72.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/core/Controller/SvgController.php b/core/Controller/SvgController.php
index ea73ba118d9..5f5ffd4ceb0 100644
--- a/core/Controller/SvgController.php
+++ b/core/Controller/SvgController.php
@@ -31,6 +31,7 @@ declare(strict_types=1);
  */
 namespace OC\Core\Controller;
 
+use OC\Files\Filesystem;
 use OC\Template\IconsCacher;
 use OCP\App\AppPathNotFoundException;
 use OCP\App\IAppManager;
@@ -117,6 +118,10 @@ class SvgController extends Controller {
 	 * @return DataDisplayResponse|NotFoundResponse
 	 */
 	private function getSvg(string $path, string $color, string $fileName) {
+		if(!Filesystem::isValidPath($path)) {
+			return new NotFoundResponse();
+		}
+
 		if (!file_exists($path)) {
 			return new NotFoundResponse();
 		}
author	Lukas Reschke <lukas@statuscode.ch>	2021-09-06 10:46:12 +0000
committer	GitHub <noreply@github.com>	2021-09-06 10:46:12 +0000
commit	dd054b2ee84af84c4da6fb52a6f6b7311dd8bb72 (patch)
tree	55d6aac1191f5f86d68be813ca91e3cc42e649e2 /core/Controller
parent	33a0b75c83a1c56fa84b98d3a07a26b5c4932b65 (diff)
download	nextcloud-server-dd054b2ee84af84c4da6fb52a6f6b7311dd8bb72.tar.gz nextcloud-server-dd054b2ee84af84c4da6fb52a6f6b7311dd8bb72.zip