Skip to content
Permalink
Browse files Browse the repository at this point in the history
Improve asset file path handling when moving assets
  • Loading branch information
Luke Towers committed Mar 31, 2020
1 parent 2b8939c commit 6711dae
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion modules/cms/widgets/AssetList.php
Expand Up @@ -333,13 +333,20 @@ public function onMove()

$basename = basename($path);
$originalFullPath = $this->getFullPath($path);
$newFullPath = rtrim($destinationFullPath, '/').'/'.$basename;
$newFullPath = realpath(rtrim($destinationFullPath, '/')) . '/' . $basename;
$safeDir = $this->getAssetsPath();

if ($originalFullPath == $newFullPath) {
continue;
}

if (!starts_with($newFullPath, $safeDir)) {
throw new ApplicationException(Lang::get(
'cms::lang.asset.error_moving_file',
['file' => $basename]
));
}

if (is_file($originalFullPath)) {
if (!@File::move($originalFullPath, $newFullPath)) {
throw new ApplicationException(Lang::get(
Expand Down

0 comments on commit 6711dae

Please sign in to comment.