svc-admin01/snipe-it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed FD-55839 - arbitrary file deletion

Browse Source
This commit is contained in:
snipe
2026-06-08 16:48:18 +01:00
parent df0ee6020a
commit abc4363e83
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/Assets/AssetsController.php
+2 -2
View File
@@ -443,7 +443,7 @@ class AssetsController extends Controller
if ($request->filled('image_delete')) {
try {
unlink(public_path().'/uploads/assets/'.$asset->image);
unlink(public_path().'/uploads/assets/'.basename($asset->image));
$asset->image = '';
} catch (\Exception $e) {
Log::info($e);
@@ -549,7 +549,7 @@ class AssetsController extends Controller
if ($asset->image) {
try {
Storage::disk('public')->delete('assets'.'/'.$asset->image);
Storage::disk('public')->delete('assets/'.basename($asset->image));
} catch (\Exception $e) {
Log::debug($e);
}
app/Importer/AssetImporter.php
+1 -1
View File
@@ -111,7 +111,7 @@ class AssetImporter extends ItemImporter
}
$this->item['notes'] = trim($this->findCsvMatch($row, 'asset_notes'));
$this->item['image'] = trim($this->findCsvMatch($row, 'image'));
$this->item['image'] = basename(trim($this->findCsvMatch($row, 'image')));
$this->item['requestable'] = trim(($this->fetchHumanBoolean($this->findCsvMatch($row, 'requestable'))) == 1) ? '1' : 0;
$asset->requestable = $this->item['requestable'];
$this->item['warranty_months'] = intval(trim($this->findCsvMatch($row, 'warranty_months')));