Commit 157af3a3 by Mark

added check for file name

parent b96fec7b
...@@ -97,7 +97,7 @@ class DefaultController extends Controller ...@@ -97,7 +97,7 @@ class DefaultController extends Controller
{ {
$filePath = Yii::getAlias($this->module->panels['mail']->mailPath) . '/' . basename($file); $filePath = Yii::getAlias($this->module->panels['mail']->mailPath) . '/' . basename($file);
if (!is_file($filePath)) { if ((mb_strpos($file, '\\') !== false || mb_strpos($file, '/') !== false) || !is_file($filePath)) {
throw new NotFoundHttpException('Mail file not found'); throw new NotFoundHttpException('Mail file not found');
} }
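Review bot: The new separator test in the `if` has no comment explaining why it sits next to `basename($file)`, which already strips directory components when `$filePath` is built, so a later maintainer may remove one of the two as redundant. I would add above the condition `// Reject names containing a path separator outright; basename() only treats '\' as a separator on Windows, so both are checked explicitly.` As a point of style, the condition reads more simply as `if (strpbrk($file, '/\\') !== false || !is_file($filePath)) {`, which drops the extra parentheses and the duplicated call. The enclosing action starts and ends outside the hunk, so whether `$file` is validated elsewhere (for example against the expected mail file naming) is not visible here.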
......