From f068b48fce979a5a27d18374437f1887245758c6 Mon Sep 17 00:00:00 2001 From: Flavio Copes Date: Sat, 16 Jan 2016 18:30:26 +0100 Subject: [PATCH] Don't reveal Grav filesystem path when trying to delete non-existing images --- classes/controller.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/classes/controller.php b/classes/controller.php index 9f4f4b56..a67100cf 100644 --- a/classes/controller.php +++ b/classes/controller.php @@ -668,7 +668,7 @@ class AdminController $filename = !empty($this->post['filename']) ? $this->post['filename'] : null; if ($filename) { - $targetPath = $page->path().'/'.$filename; + $targetPath = $page->path() . '/' . $filename; if (file_exists($targetPath)) { if (unlink($targetPath)) { @@ -679,18 +679,20 @@ class AdminController } else { //Try with responsive images @1x, @2x, @3x $ext = pathinfo($targetPath, PATHINFO_EXTENSION); - $filename = $page->path() . '/'. basename($targetPath, ".$ext"); - $responsiveTargetPath = $filename . '@1x.' . $ext; + $fullPathFilename = $page->path() . '/'. basename($targetPath, ".$ext"); + $responsiveTargetPath = $fullPathFilename . '@1x.' . $ext; + $deletedResponsiveImage = false; if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) { $deletedResponsiveImage = true; } - $responsiveTargetPath = $filename . '@2x.' . $ext; + $responsiveTargetPath = $fullPathFilename . '@2x.' . $ext; if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) { $deletedResponsiveImage = true; } - $responsiveTargetPath = $filename . '@3x.' . $ext; + + $responsiveTargetPath = $fullPathFilename . '@3x.' . $ext; if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) { $deletedResponsiveImage = true; }
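Review bot: `$filename` comes straight from `$this->post['filename']` and is concatenated into `$targetPath`, which is then passed to `file_exists()` and `unlink()`; nothing visible in this hunk confines it to the page folder. A name containing directory separators or `..` segments would therefore resolve outside `$page->path()`. The responsive-image fallback further down already reduces the name with `basename()`, but this primary branch does not. Unless the value is validated earlier in the method (which starts above the hunk), I would add `if ($filename !== basename($filename)) { $filename = null; }` before building `$targetPath`, or reject the request explicitly at that point.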
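Review bot: The `@1x`/`@2x`/`@3x` probes are three copies of the same `file_exists()`/`unlink()` pair that differ only in the suffix, and the leak this commit fixes appears to have come from `$filename` being overwritten with the full path for their benefit. A loop over the suffixes builds the path in one place and leaves less room for a path variable to be picked up by a later message. A failed `unlink()` is still treated exactly like a missing file, and PHP's warning for a failed `unlink()` typically carries the absolute path, so it is worth checking that such warnings cannot reach the response. The `else` branch continues past the end of the hunk, so the message that used to expose the path is not visible here.

```php
// … unchanged: $ext and $fullPathFilename computed as in the hunk …
$deletedResponsiveImage = false;
foreach (['@1x', '@2x', '@3x'] as $suffix) {
    $responsiveTargetPath = $fullPathFilename . $suffix . '.' . $ext;
    if (file_exists($responsiveTargetPath) && unlink($responsiveTargetPath)) {
        $deletedResponsiveImage = true;
    }
}
```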