Skip to content
Permalink
Browse files

Fix directory traversal security checking

fixes #7015
  • Loading branch information...
quickapps committed Jul 15, 2015
1 parent c4031bf commit 92e3e09fdc218ebf8eb50e896dcb1728d02eadfc
Showing with 1 addition and 1 deletion.
  1. +1 −1 src/Network/Response.php
@@ -1419,7 +1419,7 @@ public function file($path, array $options = [])
'download' => null
];
if (strpos($path, '..') !== false) {
if (strpos(dirname($path), '..') !== false) {
throw new NotFoundException('The requested file contains `..` and will not be read.');
}

0 comments on commit 92e3e09

Please sign in to comment.
You can’t perform that action at this time.