Fixed issue #18344: Unable to download file in response list (IIS)

LimeSurvey · Sep 15, 2022 · 18ba234 · 18ba234
1 parent 2429adf
commit 18ba234
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/controllers/admin/responses.php b/application/controllers/admin/responses.php
@@ -636,7 +636,7 @@ public function actionDownloadfile($iSurveyId, $iResponseId, $iQID, $iIndex)
             if (isset($aQuestionFiles[$iIndex])) {
                 $aFile = $aQuestionFiles[$iIndex];
                 // Real path check from here: https://stackoverflow.com/questions/4205141/preventing-directory-traversal-in-php-but-allowing-paths
-                $sDir = realpath(Yii::app()->getConfig('uploaddir') . "/surveys/" . $iSurveyId . "/files/") . '/';
+                $sDir = realpath(Yii::app()->getConfig('uploaddir') . "/surveys/" . $iSurveyId . "/files/") . DIRECTORY_SEPARATOR;
                 $sFileRealName = $sDir . $aFile['filename'];
                 $sRealUserPath = realpath($sFileRealName);
                 if ($sRealUserPath === false || strpos($sRealUserPath, $sDir) !== 0) {