backport safeguard

Ralf Becker 2018-05-05 11:58:02 +02:00
parent c16bacb70a
commit 0838e8c57d


@ -952,6 +952,11 @@ class mail_compose
Framework::message(lang('Directories have to be shared.'), 'info');
}
}
// do not allow to attache something from server filesystem outside configured temp_dir
elseif (strpos(realpath(parse_url($path, PHP_URL_PATH)), realpath($GLOBALS['egw_info']['server']['temp_dir']).'/') !== 0)
{
error_log(__METHOD__."() Attaching '$path' outside configured temp. directory '{$GLOBALS['egw_info']['server']['temp_dir']}' denied!");
}
elseif(is_readable($path))
{
$formData = array(
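Review bot: The added temp_dir check fails open when `realpath($GLOBALS['egw_info']['server']['temp_dir'])` returns false (temp_dir unset or not existing), because the needle then collapses to `'/'` and every absolute path passes the prefix test. Resolve the directory first and deny on failure, e.g. `elseif (!($tmp = realpath($GLOBALS['egw_info']['server']['temp_dir'])) || strpos((string)realpath(parse_url($path, PHP_URL_PATH)), $tmp.'/') !== 0)`. The check also validates the canonicalised URL path component, while the following `is_readable($path)` branch works on the raw `$path`, so the value tested and the value later used can differ. Presumably the earlier branches of this if/elseif chain already handle non-filesystem schemes, but the chain starts outside the hunk and that should be confirmed. Carrying the resolved path forward into the attach branch would keep check and use on the same value.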