upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-08 08:16:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge pull request #28735 from nextcloud/backport/28726/stable21

Browse source 
[stable21] Check if SVG path is valid
This commit is contained in:
Lukas Reschke 2021-09-07 09:39:10 +02:00 committed by GitHub
commit 7dece11af0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
core/Controller/SvgController.php
View file

@ -32,6 +32,7 @@ declare(strict_types=1);
namespace OC\Core\Controller;
use OC\Files\Filesystem;
use OC\Template\IconsCacher;
use OCP\App\AppPathNotFoundException;
use OCP\App\IAppManager;
@ -118,6 +119,10 @@ class SvgController extends Controller {
* @return DataDisplayResponse|NotFoundResponse
*/
private function getSvg(string $path, string $color, string $fileName) {
if (!Filesystem::isValidPath($path)) {
return new NotFoundResponse();
}
if (!file_exists($path)) {
return new NotFoundResponse();
}

2
tests/Core/Controller/SvgControllerTest.php
View file

@ -183,7 +183,7 @@ class SvgControllerTest extends TestCase {
$this->appManager->expects($this->once())
->method('getAppPath')
->with($appName)
->willReturn(__DIR__ . '/../../../apps/' . $appName);
->willReturn(realpath(__DIR__ . '/../../../apps/') . '/' . $appName);
$response = $this->svgController->getSvgFromApp($appName, $name, $color);