Fixed an RCE vulnerability

craftcms · Sep 11, 2024 · 123e48a · 123e48a
1 parent 7820268
commit 123e48a
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Unreleased
 
 - Updated Twig to 3.14. ([#15704](https://github.com/craftcms/cms/issues/15704))
+- Fixed an RCE vulnerability.
 
 ## 4.12.1 - 2024-09-06
 

diff --git a/src/helpers/FileHelper.php b/src/helpers/FileHelper.php
@@ -133,7 +133,7 @@ public static function absolutePath(
             $from = static::absolutePath($from, ds: $ds);
         }
 
-        return $from . $ds . $to;
+        return static::normalizePath($from . $ds . $to, $ds);
     }
 
     /**