From c7e8614ada79cf86b369a96032586c9ca895feac Mon Sep 17 00:00:00 2001
From: Marco Antonio Nina Mena <marco.antonio.nina@processmaker.com>
Date: Wed, 11 Oct 2017 13:26:34 -0400
Subject: [PATCH] - sanitize field current_directory

---
 .../engine/methods/processes/processes_GetFile.php    | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/workflow/engine/methods/processes/processes_GetFile.php b/workflow/engine/methods/processes/processes_GetFile.php
index b8204d97a..02f1ac2dd 100644
--- a/workflow/engine/methods/processes/processes_GetFile.php
+++ b/workflow/engine/methods/processes/processes_GetFile.php
@@ -4,7 +4,7 @@ $RBAC->allows(basename(__FILE__), $_GET['MAIN_DIRECTORY']);
 
 $mainDirectory = !empty($_GET['MAIN_DIRECTORY']) ? $_GET['MAIN_DIRECTORY'] : '';
 $proUid = !empty($_GET['PRO_UID']) ? $_GET['PRO_UID'] : '';
-$currentDirectory = !empty($_GET['CURRENT_DIRECTORY']) ? $_GET['CURRENT_DIRECTORY'] . PATH_SEP : '';
+$currentDirectory = !empty($_GET['CURRENT_DIRECTORY']) ? realpath($_GET['CURRENT_DIRECTORY']) . PATH_SEP : '';
 $file = !empty($_GET['FILE']) ? $_GET['FILE'] : '';
 $extension = (!empty($_GET['sFilextension']) && $_GET['sFilextension'] === 'javascript') ? '.js' : '';
 
@@ -24,14 +24,7 @@ switch ($mainDirectory) {
         break;
 }
 
-$directory .= $proUid . PATH_SEP;
-
-//Delete return directory because path exists in PATH_DATA_MAILTEMPLATES or PATH_DATA_PUBLIC
-foreach (pathinfo($currentDirectory) as $value) {
-    if ($value !== '..') {
-        $directory .= $value . PATH_SEP;
-    }
-}
+$directory .= $proUid . PATH_SEP . $currentDirectory;
 $file .= $extension;
 
 if (file_exists($directory . $file)) {