fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Simplify RVE-2026-6 patch using R\F\Security::sanitize()

Browse source
This commit is contained in:
Kijin Sung 2026-03-31 21:04:39 +09:00
parent b1f84365a5
commit 6be98ff58c
2 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/file/file.admin.controller.php
View file

@ -438,7 +438,7 @@ class FileAdminController extends File
Rhymix\Framework\Storage::createDirectory($temp_dir);
}
$command = vsprintf('%s %s -resize %dx%d -quality %d %s %s %s', [
(preg_match('![^a-z0-9/._-]!', $config->magick_command) || \RX_WINDOWS) ? escapeshellarg($config->magick_command) : $config->magick_command,
Rhymix\Framework\Security::sanitize($config->magick_command, 'command'),
escapeshellarg(FileHandler::getRealPath($file->uploaded_filename)),
$width, $height, $quality,
'-auto-orient -strip',