Check if SVG path is valid

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
author: Lukas Reschke <lukas@statuscode.ch> 2021-09-06 10:46:12 +0000
committer: backportbot[bot] <backportbot[bot]@users.noreply.github.com> 2021-09-07 06:36:43 +0000
commit: 39b15269c99a2b6d123ddb75b9c00c9356720dfd (patch)
tree: a0e8f6c4836e4ce62675ab9797cc8f5afaa00244 /core
parent: 94cdc6b2617929cfd81d518e3af28bd8ab290757 (diff)
download: nextcloud-server-39b15269c99a2b6d123ddb75b9c00c9356720dfd.tar.gz
nextcloud-server-39b15269c99a2b6d123ddb75b9c00c9356720dfd.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/core/Controller/SvgController.php b/core/Controller/SvgController.php
index ff0a21ba516..3aa9e73c859 100644
--- a/core/Controller/SvgController.php
+++ b/core/Controller/SvgController.php
@@ -32,6 +32,7 @@ declare(strict_types=1);
 
 namespace OC\Core\Controller;
 
+use OC\Files\Filesystem;
 use OC\Template\IconsCacher;
 use OCP\App\AppPathNotFoundException;
 use OCP\App\IAppManager;
@@ -118,6 +119,10 @@ class SvgController extends Controller {
 	 * @return DataDisplayResponse|NotFoundResponse
 	 */
 	private function getSvg(string $path, string $color, string $fileName) {
+		if(!Filesystem::isValidPath($path)) {
+			return new NotFoundResponse();
+		}
+
 		if (!file_exists($path)) {
 			return new NotFoundResponse();
 		}
author	Lukas Reschke <lukas@statuscode.ch>	2021-09-06 10:46:12 +0000
committer	backportbot[bot] <backportbot[bot]@users.noreply.github.com>	2021-09-07 06:36:43 +0000
commit	39b15269c99a2b6d123ddb75b9c00c9356720dfd (patch)
tree	a0e8f6c4836e4ce62675ab9797cc8f5afaa00244 /core
parent	94cdc6b2617929cfd81d518e3af28bd8ab290757 (diff)
download	nextcloud-server-39b15269c99a2b6d123ddb75b9c00c9356720dfd.tar.gz nextcloud-server-39b15269c99a2b6d123ddb75b9c00c9356720dfd.zip