Skip to content
Snippets Groups Projects
Commit 073c66a2 authored by Alex Barth's avatar Alex Barth
Browse files

#755556 Clarify why only files in site's files directory are valid.

parent f57e9563
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
plugins/FeedsFileFetcher.inc
+ 3
0
View file @ 073c66a2
...@@ -85,6 +85,9 @@ class FeedsFileFetcher extends FeedsFetcher { ...@@ -85,6 +85,9 @@ class FeedsFileFetcher extends FeedsFetcher {
elseif (empty($values['source'])) { elseif (empty($values['source'])) {
form_set_error('feeds][source', t('Upload a file first.')); form_set_error('feeds][source', t('Upload a file first.'));
} }
// If a file has not been uploaded and $values['source'] is not empty, make
// sure that this file is within Drupal's files directory as otherwise
// potentially any file that the web server has access could be exposed.
elseif (!file_check_location($values['source'], file_directory_path())) { elseif (!file_check_location($values['source'], file_directory_path())) {
form_set_error('feeds][source', t('File needs to point to a file in your Drupal file system path.')); form_set_error('feeds][source', t('File needs to point to a file in your Drupal file system path.'));
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment