Dev: Return 403 error code

LimeSurvey · Jul 26, 2021 · df909f9 · df909f9
1 parent 11117c2
commit df909f9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/controllers/admin/responses.php b/application/controllers/admin/responses.php
@@ -791,7 +791,7 @@ public function actionDownloadfile($iSurveyId, $iResponseId, $iQID, $iIndex)
                 $sFileRealName = $sDir . $aFile['filename'];
                 $sRealUserPath = realpath($sFileRealName);
                 if ($sRealUserPath === false || strpos($sRealUserPath, $sDir) !== 0) {
-                    throw new Exception('Directory traversal detected, aborted');
+                    throw new CHttpException(403, "Disable for security reasons.");
                 } else {
                     $mimeType = CFileHelper::getMimeType($sFileRealName, null, false);
                     if (is_null($mimeType)) {