Skip to content

Commit

Permalink
Merge pull request #28735 from nextcloud/backport/28726/stable21
Browse files Browse the repository at this point in the history 
[stable21] Check if SVG path is valid
  • Loading branch information
@LukasReschke
LukasReschke authored Sep 7, 2021
2 parents 94cdc6b + d0a3746 commit 7dece11
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
5 changes: 5 additions & 0 deletions core/Controller/SvgController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@

namespace OC\Core\Controller;

use OC\Files\Filesystem;
use OC\Template\IconsCacher;
use OCP\App\AppPathNotFoundException;
use OCP\App\IAppManager;
Expand Down Expand Up @@ -118,6 +119,10 @@ public function getSvgFromApp(string $app, string $fileName, string $color = 'ff
* @return DataDisplayResponse|NotFoundResponse
*/
private function getSvg(string $path, string $color, string $fileName) {
if (!Filesystem::isValidPath($path)) {
return new NotFoundResponse();
}

if (!file_exists($path)) {
return new NotFoundResponse();
}
Expand Down
2 changes: 1 addition & 1 deletion tests/Core/Controller/SvgControllerTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@ public function testGetSvgFromApp(string $appName, string $name, string $color,
$this->appManager->expects($this->once())
->method('getAppPath')
->with($appName)
->willReturn(__DIR__ . '/../../../apps/' . $appName);
->willReturn(realpath(__DIR__ . '/../../../apps/') . '/' . $appName);

$response = $this->svgController->getSvgFromApp($appName, $name, $color);

Expand Down

0 comments on commit 7dece11

Please sign in to comment.