Merge pull request from GHSA-5vpv-xmcj-9q85

Co-authored-by: Fabrizio Balliano <fabrizio.balliano@gmail.com>
OpenMage · Jan 26, 2023 · 45330ff · 45330ff
1 parent 06c4594
commit 45330ff
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php b/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
@@ -233,6 +233,11 @@ public function deleteDirectory($path)
                 $io->getFilteredPath($path)
             ));
         }
+        if (strpos($pathCmp, chr(0)) !== false
+            || preg_match('#(^|[\\\\/])\.\.($|[\\\\/])#', $pathCmp)
+        ) {
+            throw new Exception('Detected malicious path or filename input.');
+        }
 
         if (Mage::helper('core/file_storage_database')->checkDbUsage()) {
             Mage::getModel('core/file_storage_directory_database')->deleteDirectory($path);