Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-fp7q-xhhw-6rj3
  • Loading branch information
leofeyer committed Apr 25, 2023
1 parent 8e211cc commit 6f3e705
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion core-bundle/src/Resources/contao/drivers/DC_Folder.php
Expand Up @@ -2525,6 +2525,13 @@ public function ajaxTreeView($strFolder, $level)
return '';
}

$this->isValid($strFolder);

if (!is_dir($this->strRootDir . '/' . $strFolder) || !$this->isMounted($strFolder))
{
throw new AccessDeniedException('Folder "' . $strFolder . '" is not mounted or cannot be found.');
}

/** @var Session $objSession */
$objSession = System::getContainer()->get('session');

Expand Down Expand Up @@ -2947,7 +2954,7 @@ protected function isMounted($strFolder)
return false;
}

if (empty($this->arrFilemounts))
if (empty($this->arrFilemounts) && !\is_array($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['root']) && $GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['root'] !== false)
{
return true;
}
Expand Down

0 comments on commit 6f3e705

Please sign in to comment.