CRM_Core_Page_File - Only delivers directly under the customFileUploadDir

diff --git a/CRM/Core/Page/File.php b/CRM/Core/Page/File.php
index b13dd9d66a264c10ce13364ed6b885e2e759f689..04c5a28d7414092471e2acb38d77124fe8740d87 100644 (file)
--- a/CRM/Core/Page/File.php
+++ b/CRM/Core/Page/File.php
@@ -59,6 +59,9 @@ class CRM_Core_Page_File extends CRM_Core_Page {
       list($path, $mimeType) = CRM_Core_BAO_File::path($fileId, $entityId);
     }
     else {
+      if ($fileName !== basename($fileName)) {
+        throw new CRM_Core_Exception("Malformed filename");
+      }
       $mimeType = '';
       $path = CRM_Core_Config::singleton()->customFileUploadDir . $fileName;
     }