upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-08 16:26:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 12

Merge pull request #28726 from nextcloud/check-if-path-is-valid

Browse source 
Check if SVG path is valid
This commit is contained in:
Lukas Reschke 2021-09-07 08:31:16 +02:00 committed by GitHub
commit d4d1f5dfce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
core/Controller/SvgController.php
View file

@ -31,6 +31,7 @@ declare(strict_types=1);
*/
namespace OC\Core\Controller;
use OC\Files\Filesystem;
use OC\Template\IconsCacher;
use OCP\App\AppPathNotFoundException;
use OCP\App\IAppManager;
@ -117,6 +118,10 @@ class SvgController extends Controller {
* @return DataDisplayResponse|NotFoundResponse
*/
private function getSvg(string $path, string $color, string $fileName) {
if (!Filesystem::isValidPath($path)) {
return new NotFoundResponse();
}
if (!file_exists($path)) {
return new NotFoundResponse();
}

2
tests/Core/Controller/SvgControllerTest.php
View file

@ -183,7 +183,7 @@ class SvgControllerTest extends TestCase {
$this->appManager->expects($this->once())
->method('getAppPath')
->with($appName)
->willReturn(__DIR__ . '/../../../apps/' . $appName);
->willReturn(realpath(__DIR__ . '/../../../apps/') . '/' . $appName);
$response = $this->svgController->getSvgFromApp($appName, $name, $color);