[#42269] - Medea Manager Does Not Follow Symbolic Links
- Closed
- 1 Nov 2023
- Medium
- Build: 5.0-dev
- # 42269
Steps to reproduce the issue
Create a symbolic link (images) that points to another directory (/some/directory/images)
Expected result
Works like a symbolic link
Actual result
Acts like a blank directory with the following error
Joomla\CMS\Filesystem\Path::check() - Snooping out of bounds @ /webdata/public/images/
System information (as much as possible)
PHP Built On: Linux webdev8.uah.edu 4.18.0-477.27.1.el8_8.x86_64 #1 SMP Thu Aug 31 10:29:22 EDT 2023 x86_64
Database Type: mysql
Database Version: 10.3.39-MariaDB
Database Collation: latin1_swedish_ci
Database Connection Collation: utf8mb4_general_ci
Database Connection Encryption: None
Database Server Supports Connection Encryption: No
PHP Version: 7.4.33
Web Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k
WebServer to PHP Interface: fpm-fcgi
Joomla! Version: Joomla! 4.4.0 Stable [ Pamoja ] 17-October-2023 16:00 GMT
Additional comments
Only answers I find is for 3.x or lower.
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2023-11-01 16:15:55 |
| Closed_By | ⇒ | Quy |
Modded the following file:
/webdata/joomla/v009/libraries/src/Filesystem/Path.php
Commenteded out the following starting around line #171.
$path = self::clean($path);
/*
if ((JPATH_ROOT != '') && strpos($path, self::clean(JPATH_ROOT)) !== 0) {
throw new \Exception(
sprintf(
'%1$s() - Snooping out of bounds @ %2$s',
__METHOD__,
self::removeRoot($path)
)
);
}
*/
return $path;
Seems to have worked but still testing
Closing as duplicate of #30616. Thanks.