diff --git a/modules/backend/widgets/Lists.php b/modules/backend/widgets/Lists.php index bc83c11f6..51a425c2c 100644 --- a/modules/backend/widgets/Lists.php +++ b/modules/backend/widgets/Lists.php @@ -522,7 +522,7 @@ class Lists extends WidgetBase /* * Apply sorting */ - if (($sortColumn = $this->getSortColumn()) && !$this->showTree) { + if (($sortColumn = $this->getSortColumn()) && !$this->showTree && in_array($sortColumn, array_keys($this->getVisibleColumns()))) { if (($column = array_get($this->allColumns, $sortColumn)) && $column->valueFrom) { $sortColumn = $this->isColumnPivot($column) ? 'pivot_' . $column->valueFrom diff --git a/modules/cms/classes/Asset.php b/modules/cms/classes/Asset.php index 1073f8ed8..12b79ea35 100644 --- a/modules/cms/classes/Asset.php +++ b/modules/cms/classes/Asset.php @@ -285,9 +285,22 @@ class Asset extends Extendable $fileName = $this->fileName; } - // Limit paths to those under the assets directory $directory = $this->theme->getPath() . '/' . $this->dirName . '/'; - $path = realpath($directory . $fileName); + $filePath = $directory . $fileName; + $path = realpath($filePath); + + /** + * If the path doesn't exist yet, then create it temporarily + * in order to run realpath() resolution on it to verify the + * final destination and then remove the temporary file. + */ + if (!$path) { + touch($filePath); + $path = realpath($filePath); + unlink($filePath); + } + + // Limit paths to those under the theme's assets directory if (!starts_with($path, $directory)) { return false; } diff --git a/modules/system/assets/ui/storm-min.js b/modules/system/assets/ui/storm-min.js index 632ec830d..e5b26e6a0 100644 --- a/modules/system/assets/ui/storm-min.js +++ b/modules/system/assets/ui/storm-min.js @@ -5805,7 +5805,8 @@ TextEditor.prototype.getPopupContent=function(){return'
\
\

\ - \
\
\
\