composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-12 23:14:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°3248 - code hardening

Browse Source 
(cherry picked from commit 6a25933744)
(cherry picked from commit f74c78d61c)
This commit is contained in:
Eric
2020-08-18 17:21:25 +02:00
committed by Pierre Goiffon
parent 090119147c
commit 1f53757318
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
application/transaction.class.inc.php
View File

@@ -233,7 +233,14 @@ class privUITransactionFile
*/
public static function IsTransactionValid($id, $bRemoveTransaction = true)
{
$sFilepath = APPROOT.'data/transactions/'.$id;
// Constraint the transaction file within APPROOT.'data/transactions'
$sTransactionDir = realpath(APPROOT.'data/transactions');
$sFilepath = utils::RealPath($sTransactionDir.'/'.$id, $sTransactionDir);
if (($sFilepath === false) || (strlen($sTransactionDir) == strlen($sFilepath)))
{
return false;
}
clearstatcache(true, $sFilepath);
$bResult = file_exists($sFilepath);
if ($bResult)