MAGETWO-83579: RCE via Path Traversal Vulnerability in CMS Image/Media upload

StasKozar · StasKozar · commit c7d1f59fff98 · 2018-03-05T17:33:50.000+02:00
diff --git a/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolderTest.php b/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolderTest.php
@@ -83,9 +83,9 @@ public function testExecuteWithWrongDirectoryName()
         $this->model->getRequest()->setParams(['node' => $this->imagesHelper->idEncode($directoryName)]);
         $this->model->execute();
 
- 	 	$this->assertTrue(
- 	 	    $this->mediaDirectory->isExist(
- 	 	        $this->mediaDirectory->getRelativePath($this->fullDirectoryPath . $directoryName)
+        $this->assertTrue(
+            $this->mediaDirectory->isExist(
+                $this->mediaDirectory->getRelativePath($this->fullDirectoryPath . $directoryName)
             )
         );
     }

Original file line number	Diff line number	Diff line change
`@@ -83,9 +83,9 @@ public function testExecuteWithWrongDirectoryName()`
`83`	`83`	`$this->model->getRequest()->setParams(['node' => $this->imagesHelper->idEncode($directoryName)]);`
`84`	`84`	`$this->model->execute();`
`85`	`85`
`86`		`- $this->assertTrue(`
`87`		`- $this->mediaDirectory->isExist(`
`88`		`- $this->mediaDirectory->getRelativePath($this->fullDirectoryPath . $directoryName)`
	`86`	`+ $this->assertTrue(`
	`87`	`+ $this->mediaDirectory->isExist(`
	`88`	`+ $this->mediaDirectory->getRelativePath($this->fullDirectoryPath . $directoryName)`
`89`	`89`	`)`
`90`	`90`	`);`
`91`	`91`	`}`