From 3b731eeea90642750b7602d8eee98f83c845f3c1 Mon Sep 17 00:00:00 2001
From: Olle Haerstedt
Date: Mon, 26 Jul 2021 14:55:48 +0200
Subject: [PATCH] Dev: Return 403 error code
---
 application/controllers/admin/responses.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/controllers/admin/responses.php b/application/controllers/admin/responses.php
index 6bd41f30d21..16aca2ee5a4 100644
--- a/application/controllers/admin/responses.php
+++ b/application/controllers/admin/responses.php
@@ -640,7 +640,7 @@ public function actionDownloadfile($iSurveyId, $iResponseId, $iQID, $iIndex)
 $sFileRealName = $sDir . $aFile['filename'];
 $sRealUserPath = realpath($sFileRealName);
 if ($sRealUserPath === false || strpos($sRealUserPath, $sDir) !== 0) {
- throw new Exception('Directory traversal detected, aborted');
+ throw new CHttpException(403, "Disable for security reasons.");
 } else {
 $mimeType = CFileHelper::getMimeType($sFileRealName, null, false);
 if (is_null($mimeType)) {
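Review bot: The new `throw new CHttpException(403, ...)` on the rejection branch drops the only wording that marked this as a path-traversal rejection, so the event will probably look like any other 403 in the server log. Keep the generic client message (it likely should read "Disabled for security reasons."), but record the reason first, e.g. `Yii::log('File download rejected: resolved path is outside the upload directory', CLogger::LEVEL_WARNING);`. The guard validates `$sRealUserPath`, yet the `else` branch still passes the unresolved `$sFileRealName` to `CFileHelper::getMimeType()`; using the canonical path that was checked keeps the validated path and the opened path identical. Whether the `strpos($sRealUserPath, $sDir) !== 0` prefix test is sound depends on `$sDir` being canonical and ending in a directory separator, which is set outside this hunk, as is the rest of `actionDownloadfile`.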