mirror of https://github.com/Intervention/image.git synced 2025-08-12 00:43:59 +02:00

security patch in manipulation route

Oliver Vogel
2014-08-19 18:03:43 +02:00
parent 2fb5e286e4
commit 92a9968876


@@ -46,7 +46,8 @@ class ImageServiceProvider extends ServiceProvider
// find file // find file
foreach ($config->get('imagecache::paths') as $path) { foreach ($config->get('imagecache::paths') as $path) {
$image_path = $path.'/'.$filename; // don't allow '..' in filenames
$image_path = $path.'/'.str_replace('..', '', $filename);
if (file_exists($image_path) && is_file($image_path)) { if (file_exists($image_path) && is_file($image_path)) {
break; break;
} else { } else {
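Review bot: The new `$image_path` line rewrites the requested name instead of rejecting it, and nothing checks that the file finally opened lies inside the configured `$path`. Removing `..` does stop the literal parent-directory segment, but a legitimate name such as `a..b.jpg` is silently mapped to `ab.jpg`, which may be a different file. A symlink below `$path` would still resolve outside it. I would compare canonical paths and skip the candidate on mismatch: `$real = realpath($path.'/'.$filename);` followed by `if ($real !== false && strpos($real, realpath($path).DIRECTORY_SEPARATOR) === 0 && is_file($real)) { $image_path = $real; break; }`. The `foreach` and its `else` branch continue outside the hunk, so the handling of a rejected name there should be checked as well.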