Skip to content
Permalink
Browse files

[security] Fixed issue #14617: relative path allowed in lsa multiple …

…download
  • Loading branch information...
LouisGac committed Mar 14, 2019
1 parent 9ca364f commit 1ed10d3c423187712b8f6a8cb2bc9d5cc3b2deb8
Showing with 1 addition and 0 deletions.
  1. +1 −0 application/controllers/admin/export.php
@@ -919,6 +919,7 @@ public function exportMultipleSurveys($sSurveys, $sExportType)
public function downloadZip($sZip)
{
$sTempDir = Yii::app()->getConfig("tempdir");
$sZip = get_absolute_path($sZip);
$aZIPFileName = $sTempDir.DIRECTORY_SEPARATOR.$sZip;
if (is_file($aZIPFileName)) {

0 comments on commit 1ed10d3

Please sign in to comment.
You can’t perform that action at this time.