mirror/intervention_image
1
0
Fork 0
mirror of https://github.com/Intervention/image.git synced 2025-02-06 22:00:38 +01:00
Code Issues Releases Wiki Activity

security patch in manipulation route

Browse Source
This commit is contained in:
Oliver Vogel 2014-08-19 18:03:43 +02:00
parent 2fb5e286e4
commit 92a9968876
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Intervention/Image/ImageServiceProvider.php
View File

@ -46,7 +46,8 @@ class ImageServiceProvider extends ServiceProvider
// find file
foreach ($config->get('imagecache::paths') as $path) {
$image_path = $path.'/'.$filename;
// don't allow '..' in filenames
$image_path = $path.'/'.str_replace('..', '', $filename);
if (file_exists($image_path) && is_file($image_path)) {
break;
} else {