Merge pull request from GHSA-5vpv-xmcj-9q85

colinmollenhour · fballiano · fballiano · commit 0ef51ec1d49d · 2023-01-26T10:00:00.000Z
Co-authored-by: Fabrizio Balliano &lt;fabrizio.balliano@gmail.com&gt;
diff --git a/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php b/app/code/core/Mage/Cms/Model/Wysiwyg/Images/Storage.php
@@ -231,6 +231,11 @@ public function deleteDirectory($path)
                 $io->getFilteredPath($path)
             ));
         }
+        if (strpos($pathCmp, chr(0)) !== false
+            || preg_match('#(^|[\\\\/])\.\.($|[\\\\/])#', $pathCmp)
+        ) {
+            throw new Exception('Detected malicious path or filename input.');
+        }
 
         if (Mage::helper('core/file_storage_database')->checkDbUsage()) {
             Mage::getModel('core/file_storage_directory_database')->deleteDirectory($path);
