Fix creating asset files

Fixes #5228
2020-07-30 10:35:02 -06:00 · 2020-07-30 10:35:02 -06:00 · b1954e9258
parent d49266ad90
commit b1954e9258
1 changed files with 15 additions and 2 deletions
--- a/modules/cms/classes/Asset.php
+++ b/modules/cms/classes/Asset.php
@ -285,9 +285,22 @@ class Asset extends Extendable
            $fileName = $this->fileName;
        }

-        // Limit paths to those under the assets directory
        $directory = $this->theme->getPath() . '/' . $this->dirName . '/';
-        $path = realpath($directory . $fileName);
+        $filePath = $directory . $fileName;
+        $path = realpath($filePath);
+
+        /**
+         * If the path doesn't exist yet, then create it temporarily
+         * in order to run realpath() resolution on it to verify the
+         * final destination and then remove the temporary file.
+         */
+        if (!$path) {
+            touch($filePath);
+            $path = realpath($filePath);
+            unlink($filePath);
+        }
+
+        // Limit paths to those under the theme's assets directory
        if (!starts_with($path, $directory)) {
            return false;
        }