Skip to content

Commit

Permalink
Replace path verification with component name validation
Browse files Browse the repository at this point in the history
  • Loading branch information
pascal-meunier authored and erichhuebner committed Jul 15, 2021
1 parent eb3fed1 commit a2727a9
Showing 1 changed file with 2 additions and 9 deletions.
11 changes: 2 additions & 9 deletions core/libraries/Hubzero/Component/ApiController.php
Original file line number Diff line number Diff line change
Expand Up @@ -1011,15 +1011,8 @@ protected function resolveModel()
$file = strtolower(end($file));

$path = \Component::path($this->_option) . '/models/' . $file . '.php';
$can_path = realpath($path);
if ($can_path != $path) {
App::abort(404, Lang::txt('JLIB_APPLICATION_ERROR_COMPONENT_NOT_FOUND', $model));
}
if (is_readable($path)) {
require_once $path;
} else {
App::abort(500, 'Required file is not readable', $model));
}

require_once $path;

if (!class_exists($model))
{
Expand Down

0 comments on commit a2727a9

Please sign in to comment.