Improve asset file path handling

octobercms · Mar 31, 2020 · 2b8939c · 2b8939c
1 parent a9b4a5b
commit 2b8939c
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/modules/cms/classes/Asset.php b/modules/cms/classes/Asset.php
@@ -285,7 +285,14 @@ public function getFilePath($fileName = null)
             $fileName = $this->fileName;
         }
 
-        return $this->theme->getPath().'/'.$this->dirName.'/'.$fileName;
+        // Limit paths to those under the assets directory
+        $directory = $this->theme->getPath() . '/' . $this->dirName . '/';
+        $path = realpath($directory . $fileName);
+        if (!starts_with($path, $directory)) {
+            return false;
+        }
+
+        return $path;
     }
 
     /**