Merge branch 'MDL-68443-xmldb-path-validation-MOODLE_37_STABLE' of ht…

…tps://github.com/brendanheywood/moodle into MOODLE_37_STABLE
moodle · May 7, 2020 · 61f218a · 61f218a
2 parents 6bafc32 + f98f08c
commit 61f218a
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/admin/tool/xmldb/actions/view_xml/view_xml.class.php b/admin/tool/xmldb/actions/view_xml/view_xml.class.php
@@ -68,13 +68,13 @@ function invoke() {
 
         // Get the file parameter
         $file = required_param('file', PARAM_PATH);
-        $file = $CFG->dirroot . $file;
-        // File must be under $CFG->wwwroot and
-        // under one db directory (simple protection)
-        if (substr($file, 0, strlen($CFG->dirroot)) == $CFG->dirroot &&
-            substr(dirname($file), -2, 2) == 'db') {
+
+        $fullpath = $CFG->dirroot . $file;
+        // File param must start with / and end with /db/install.xml to be safe.
+        if (substr($file, 0, 1) == '/' &&
+            substr($file, -15, 15) == '/db/install.xml') {
             // Everything is ok. Load the file to memory
-            $this->output = file_get_contents($file);
+            $this->output = file_get_contents($fullpath);
         } else {
             // Switch to HTML and error
             $this->does_generate = ACTION_GENERATE_HTML;