Merge branch 'MDL-70130-master' of git://github.com/andrewnicols/moodle

2025-04-21 00:12:56 +02:00 · 2020-11-06 11:28:02 +08:00 · 2020-11-06 11:28:02 +08:00 · 48e4dbea7c
commit 48e4dbea7c
parent 8a9a4ee4f3 c42c08793b
2 changed files with 12 additions and 9 deletions
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@ -6314,10 +6314,9 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml = '',
            require_once($CFG->libdir.'/filelib.php');
            $mimetype = mimeinfo('type', $attachname);

-            $attachmentpath = $attachment;
-
            // Before doing the comparison, make sure that the paths are correct (Windows uses slashes in the other direction).
-            $attachpath = str_replace('\\', '/', $attachmentpath);
+            // The absolute (real) path is also fetched to ensure that comparisons to allowed paths are compared equally.
+            $attachpath = str_replace('\\', '/', realpath($attachment));

            // Add allowed paths to an array (also check if it's not empty).
            $allowedpaths = array_filter([
@ -6325,16 +6324,17 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml = '',
                $CFG->dataroot,
                $CFG->dirroot,
                $CFG->localcachedir,
-                $CFG->tempdir
+                $CFG->tempdir,
+                $CFG->localrequestdir,
            ]);
            // Set addpath to true.
            $addpath = true;
            // Check if attachment includes one of the allowed paths.
-            foreach ($allowedpaths as $tmpvar) {
+            foreach ($allowedpaths as $allowedpath) {
                // Make sure both variables are normalised before comparing.
-                $temppath = str_replace('\\', '/', realpath($tmpvar));
+                $allowedpath = str_replace('\\', '/', realpath($allowedpath));
                // Set addpath to false if the attachment includes one of the allowed paths.
-                if (strpos($attachpath, $temppath) === 0) {
+                if (strpos($attachpath, $allowedpath) === 0) {
                    $addpath = false;
                    break;
                }
@ -6343,10 +6343,10 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml = '',
            // If the attachment is a full path to a file in the multiple allowed paths, use it as is,
            // otherwise assume it is a relative path from the dataroot (for backwards compatibility reasons).
            if ($addpath == true) {
-                $attachmentpath = $CFG->dataroot . '/' . $attachmentpath;
+                $attachment = $CFG->dataroot . '/' . $attachment;
            }

-            $mail->addAttachment($attachmentpath, $attachname, 'base64', $mimetype);
+            $mail->addAttachment($attachment, $attachname, 'base64', $mimetype);
        }
    }

--- a/lib/tests/moodlelib_test.php
+++ b/lib/tests/moodlelib_test.php
@ -3446,6 +3446,9 @@ class core_moodlelib_testcase extends advanced_testcase {
            'dirroot' => [$CFG->dirroot],
            'localcachedir' => [$CFG->localcachedir],
            'tempdir' => [$CFG->tempdir],
+            // Paths within $CFG->localrequestdir.
+            'localrequestdir_request_directory' => [make_request_directory()],
+            'localrequestdir_request_storage_directory' => [get_request_storage_directory()],
            // Pass null to indicate we want to test a path relative to $CFG->dataroot.
            'relative' => [null]
        ];