Merge pull request from GHSA-hmqj-gv2m-hq55
ゴンドー authored Oct 26, 2023
1 parent 874c554 commit 7555a5c
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion lib/Baser/Plugin/Mail/Controller/MailMessagesController.php
Expand Up @@ -264,7 +264,14 @@ public function admin_attachment()
unset($args[0]);
$file = implode('/', $args);
$settings = $this->MailMessage->Behaviors->BcUpload->BcFileUploader['MailMessage']->settings;
$filePath = WWW_ROOT . 'files' . DS . $settings['saveDir'] . DS . $file;
$basePath = realpath(WWW_ROOT . 'files' . DS . $settings['saveDir']);
$filePath = realpath($basePath . DS . $file);

// basePath配下出ない場合は表示しない
if (strpos($filePath, $basePath) !== 0) {
$this->notFound();
}

$ext = decodeContent(null, $file);
$mineType = 'application/octet-stream';
if ($ext !== 'gif' && $ext !== 'jpg' && $ext !== 'png') {
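Review bot: The containment test `strpos($filePath, $basePath) !== 0` still accepts a sibling directory whose name merely begins with the attachment directory (for example `<saveDir>_old` next to `<saveDir>`), because `realpath()` returns `$basePath` without a trailing separator, so a traversal to such a sibling passes the prefix check. Comparing against `$basePath . DS` closes that gap and also stops `$filePath === $basePath` (the directory itself) from passing; the same condition should handle a `false` result from either `realpath()` call explicitly rather than relying on `false` being coerced to an empty haystack: `if ($basePath === false || $filePath === false || strpos($filePath, $basePath . DS) !== 0) { $this->notFound(); }`. If `$this->notFound()` does not terminate the request (it is not visible here), execution falls through to `decodeContent()` and the rest of the action with an unchecked `$file`, so a `return` after it may be needed. `admin_attachment()` begins before this hunk and continues past it.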
