From b896510be12b0588c4c690e18e7c4b7dabb89e07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Tak=C3=A1=C4=8D?= <martin@takac.name>
Date: Tue, 26 Nov 2019 14:15:35 +0100
Subject: [PATCH] Fix FileResponse: If the file has strict privileges, it will
 crash the entire application.

---
 src/Application/Responses/FileResponse.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Application/Responses/FileResponse.php b/src/Application/Responses/FileResponse.php
index 18d31df19..7b2a5b456 100644
--- a/src/Application/Responses/FileResponse.php
+++ b/src/Application/Responses/FileResponse.php
@@ -40,6 +40,9 @@ public function __construct(string $file, string $name = null, string $contentTy
 		if (!is_file($file)) {
 			throw new Nette\Application\BadRequestException("File '$file' doesn't exist.");
 		}
+		if (!is_readable($file)) {
+			throw new Nette\Application\BadRequestException("File '$file' is not readable.");
+		}
 
 		$this->file = $file;
 		$this->name = $name ?? basename($file);
@@ -88,6 +91,9 @@ public function send(Nette\Http\IRequest $httpRequest, Nette\Http\IResponse $htt
 
 		$filesize = $length = filesize($this->file);
 		$handle = fopen($this->file, 'r');
+		if (!$handle) {
+			throw new Nette\Application\BadRequestException("Cannot open file: '{$this->file}'.");
+		}
 
 		if ($this->resuming) {
 			$httpResponse->setHeader('Accept-Ranges', 'bytes');