
validate filenames and sanitise permissions

Open Drew Webber requested to merge issue/drupal-3526769:3526769-avoid-abuse-of into 11.x
@@ -121,9 +121,14 @@ public function submitForm(array &$form, FormStateInterface $form_state) {
$archiver = new ArchiveTar($path, 'gz');
$files = [];
foreach ($archiver->listContent() as $file) {
$files[] = $file['filename'];
if (str_ends_with($file['filename'], '.yml')) {
$files[] = $file['filename'];
}
}
$archiver->extractList($files, $this->settings->get('config_sync_directory'), '', FALSE, FALSE);
foreach ($files as $file) {
$this->fileSystem->chmod($this->settings->get('config_sync_directory') . DIRECTORY_SEPARATOR . $file);
}
$this->messenger()->addStatus($this->t('Your configuration files were successfully uploaded and are ready for import.'));
$form_state->setRedirect('config.sync');
}
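Review bot: The filter inside the `listContent()` loop checks only the suffix, so an entry named `x.yml` that carries `..` segments, an absolute path, or a non-regular type (symlink, directory) still reaches `extractList()` and the `chmod()` loop, which builds its target path by plain concatenation. Whether `ArchiveTar` rejects such names on its own is not visible in this hunk, so I would make the check explicit, e.g. `if (str_ends_with($name, '.yml') && !str_starts_with($name, '/') && !in_array('..', explode('/', $name), TRUE))`, and skip entries that are not regular files if the listing exposes the entry type. The result of `extractList()` also appears to be ignored, so the chmod loop and the "successfully uploaded" status run even when extraction fails; checking it and returning early with an error message would keep the status accurate. `submitForm()` begins outside the hunk, so any surrounding error handling is not visible here.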