mirror of
https://github.com/openvk/openvk
synced 2024-12-22 08:31:18 +03:00
[IMPORTANT SECURITY] Fix critical directory traversal vulnerability in file seeding mechanism
This commit is contained in:
parent
02dd373460
commit
cf6cda260d
1 changed files with 1 additions and 0 deletions
|
@ -17,6 +17,7 @@ final class BlobPresenter extends OpenVKPresenter
|
|||
function renderFile(/*string*/ $dir, string $name, string $format)
|
||||
{
|
||||
$dir = $this->getDirName($dir);
|
||||
$name = preg_replace("%[^a-zA-Z0-9_\-]++%", "", $name);
|
||||
$path = OPENVK_ROOT . "/storage/$dir/$name.$format";
|
||||
if(!file_exists($path)) {
|
||||
$this->notFound();
|
||||
|
|
Loading…
Reference in a new issue