AssetController: directory traversal vulnerability issue

git-svn-id: http://www.pimcore.org/svn/pimcore/private/core/trunk@6458 1f8fe7d8-47f0-464c-8d0a-336f4953ab05
pimcore · Apr 20, 2015 · 4f2a95f · 4f2a95f
1 parent 64f8b90
commit 4f2a95f
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/pimcore/modules/admin/controllers/AssetController.php b/pimcore/modules/admin/controllers/AssetController.php
@@ -210,6 +210,13 @@ protected function addAsset()
             $parent = Asset::getById($this->getParam("parentId"));
             $newPath = $parent->getFullPath() . "/" . trim($this->getParam("dir"), "/ ");
 
+            // check if the path is outside of the asset directory
+            $newRealPath = PIMCORE_ASSET_DIRECTORY . $newPath;
+            $newRealPath= realpath($newRealPath);
+            if (strpos($newRealPath, PIMCORE_ASSET_DIRECTORY) !== 0) {
+                throw new Exception("not allowed");
+            }
+
             $maxRetries = 5;
             for ($retries=0; $retries<$maxRetries; $retries++) {
                 try {