- Files within the storage/ path could be accessed via path traversal
  references in content, accessed upon HTML export.
- This addresses this via two layers:
  - Scoped local flysystem filesystems down to the specific image &
    file folders since flysystem has built-in checking against the
    escaping of the root folder.
  - Added path normalization before enforcement of uploads/{images,file}
    prefix to prevent traversal at a path level.

Thanks to @Haxatron via huntr.dev for discovery and reporting.

Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/
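
The second layer described in the commit message above (normalize first, then enforce the prefix), as an added example that is not code from this commit or project. The function names, the single `uploads/images/` prefix and the sample paths are assumptions made for illustration; it requires PHP 8 for `str_starts_with`.

```php
<?php
// Added illustration: all names and sample paths here are hypothetical.

/** Collapse "." and ".." segments lexically, without touching the disk. */
function normalizePath(string $path): string
{
    $out = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;                 // empty and "." segments carry no meaning
        }
        if ($segment === '..') {
            array_pop($out);          // step up; ".." above the root is dropped
            continue;
        }
        $out[] = $segment;
    }
    return implode('/', $out);
}

/** Weak form: the prefix is tested on the path exactly as supplied. */
function allowedRaw(string $path): bool
{
    return str_starts_with($path, 'uploads/images/');
}

/** Corrected form: the prefix is tested on the normalized path. */
function allowedNormalized(string $path): bool
{
    return allowedRaw(normalizePath($path));
}

// Constructed sample inputs.
$samples = [
    'uploads/images/gallery/2021-10/photo.png',  // ordinary upload path
    'uploads/images/./gallery/photo.png',        // harmless "." segment
    'uploads/images/../../logs/app.log',         // prefix matches, target is elsewhere
];

foreach ($samples as $path) {
    printf(
        "%-45s raw=%-5s normalized=%-5s resolves to %s\n",
        $path,
        var_export(allowedRaw($path), true),
        var_export(allowedNormalized($path), true),
        normalizePath($path)
    );
}
```

The third sample passes the raw prefix test but is rejected once normalized, which is the gap the prefix-only check leaves open. Scoping the filesystem root to the upload folder, the first layer in the commit message, is a separate control that this sketch does not model.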
| Name |
|---|
| Attachment.php |
| AttachmentService.php |
| HttpFetcher.php |
| Image.php |
| ImageRepo.php |
| ImageService.php |
| UserAvatars.php |