From dd054b2ee84af84c4da6fb52a6f6b7311dd8bb72 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Mon, 6 Sep 2021 10:46:12 +0000
Subject: Check if SVG path is valid
Signed-off-by: Lukas Reschke
---
 core/Controller/SvgController.php | 5 +++++
 1 file changed, 5 insertions(+) (limited to 'core')
diff --git a/core/Controller/SvgController.php b/core/Controller/SvgController.php
index ea73ba118d9..5f5ffd4ceb0 100644
--- a/core/Controller/SvgController.php
+++ b/core/Controller/SvgController.php
@@ -31,6 +31,7 @@ declare(strict_types=1);
 */
 namespace OC\Core\Controller;

+use OC\Files\Filesystem;
 use OC\Template\IconsCacher;
 use OCP\App\AppPathNotFoundException;
 use OCP\App\IAppManager;
@@ -117,6 +118,10 @@ class SvgController extends Controller {
 * @return DataDisplayResponse|NotFoundResponse
 */
 private function getSvg(string $path, string $color, string $fileName) {
+ if(!Filesystem::isValidPath($path)) {
+ return new NotFoundResponse();
+ }
+
 if (!file_exists($path)) {
 return new NotFoundResponse();
 }
-- 
cgit v1.2.3
From 2994dbe2159807b2efa6acba3d0430bc25af207d Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Mon, 6 Sep 2021 10:53:01 +0000
Subject: Fix codestyle
Signed-off-by: Lukas Reschke
---
 core/Controller/SvgController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core')
diff --git a/core/Controller/SvgController.php b/core/Controller/SvgController.php
index 5f5ffd4ceb0..17f16dd48e6 100644
--- a/core/Controller/SvgController.php
+++ b/core/Controller/SvgController.php
@@ -118,7 +118,7 @@ class SvgController extends Controller {
 * @return DataDisplayResponse|NotFoundResponse
 */
 private function getSvg(string $path, string $color, string $fileName) {
- if(!Filesystem::isValidPath($path)) {
+ if (!Filesystem::isValidPath($path)) {
 return new NotFoundResponse();
 }

-- 
cgit v1.2.3
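Review bot: The guard added at the top of `getSvg()` rejects a malformed `$path` but does not tie the file to the directory it is expected to be served from. `Filesystem::isValidPath()` is not shown here, and if it only inspects the string for parent-directory segments, a symlink or an unexpected absolute path would still reach `file_exists()`. Because `getSvg()` receives no base directory, containment would have to be checked where `$path` is assembled (outside this hunk), for example by comparing `realpath($path)` against the resolved image directory. The commit touches only `SvgController.php`, so a test asserting that a path with a parent-directory segment yields `NotFoundResponse` would pin the new behaviour. A comment above the check, such as `// $path is presumably derived from request parameters: refuse traversal before any filesystem access`, would record why it precedes `file_exists()`; the body of `getSvg()` continues past the hunk.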