Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/SvgController.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/Controller/SvgController.php b/core/Controller/SvgController.php
index ff0a21ba516..3aa9e73c859 100644
--- a/core/Controller/SvgController.php
+++ b/core/Controller/SvgController.php
@@ -32,6 +32,7 @@ declare(strict_types=1);
 namespace OC\Core\Controller;
+use OC\Files\Filesystem;
 use OC\Template\IconsCacher;
 use OCP\App\AppPathNotFoundException;
 use OCP\App\IAppManager;
@@ -118,6 +119,10 @@ class SvgController extends Controller {
 * @return DataDisplayResponse|NotFoundResponse
 */
 private function getSvg(string $path, string $color, string $fileName) {
+ if(!Filesystem::isValidPath($path)) {
+ return new NotFoundResponse();
+ }
+
 if (!file_exists($path)) {
 return new NotFoundResponse();
 } |
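Review bot: The guard added at the top of getSvg() relies on `Filesystem::isValidPath()` alone, and nothing in this hunk confirms that the file finally read stays inside the icon directories the callers mean to serve. isValidPath() is written for virtual filesystem paths and its body is not visible here; if it only rejects `..` segments, a path that resolves elsewhere through a symlink would presumably still pass. Consider adding a containment check on the canonical path after it, e.g. `$real = realpath($path);` and returning `new NotFoundResponse()` when `$real === false` or `$real` does not begin with the expected base directory, which getSvg() would have to receive from its callers. A one-line comment such as `// Reject traversal sequences in the caller-supplied path before touching the disk` would record why this check precedes `file_exists()`, and `if(` should read `if (` to match the statement below it. getSvg()'s body continues outside the hunk.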