Reject file paths containing ...
Paths containing `..` are generally up to no good. Throw an exception,
as developers can use realpath() if they really need to get relative
paths.

Fixes #3370
markstory committed Apr 24, 2014
1 parent 2333c3d commit 6f68049
Showing 2 changed files with 18 additions and 0 deletions.
7 changes: 7 additions & 0 deletions lib/Cake/Network/CakeResponse.php
@@ -1259,6 +1259,13 @@ public function file($path, $options = array()) {
'download' => null
);

if (strpos($path, '..') !== false) {
throw new NotFoundException(__d(
'cake_dev',
'The requested file contains `..` and will not be read.'
));
}

if (!is_file($path)) {
$path = APP . $path;
}
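Review bot: The new `strpos($path, '..')` guard is a plain substring test, so it also rejects legitimate names that merely contain two consecutive dots (for example `report..final.pdf`) with a NotFoundException, and the message "The requested file contains `..` and will not be read." is all the caller gets; if that trade-off is intended, say so in the `file()` docblock and add an `@throws NotFoundException` entry there, since the method now throws before the `is_file()` / `APP . $path` fallback runs. Placing the check ahead of that fallback is the right order: both the absolute and the APP-relative lookup are covered by the same rejection.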
11 changes: 11 additions & 0 deletions lib/Cake/Test/Case/Network/CakeResponseTest.php
@@ -1075,6 +1075,17 @@ public function testFileNotFound() {
$response->file('/some/missing/folder/file.jpg');
}

/**
* test file with ..
*
* @expectedException NotFoundException
* @return void
*/
public function testFileWithPathTraversal() {
$response = new CakeResponse();
$response->file('my/../cat.gif');
}

/**
* testFile method
*
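Review bot: `testFileWithPathTraversal` only exercises the relative `my/../cat.gif` case; add a second case with an absolute path such as `/some/dir/../cat.gif` so the guard is shown to fire before the `is_file()` branch as well, and consider a companion test for a filename that contains `..` without being a traversal (e.g. `my..cat.gif`) so the substring behaviour of the new check is documented by the suite rather than left implicit. The docblock "test file with .." would also read better as "test that file() rejects paths containing `..`".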
