diff options
Diffstat (limited to 'app/Module/ModuleCustomTrait.php')
| -rw-r--r-- | app/Module/ModuleCustomTrait.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/app/Module/ModuleCustomTrait.php b/app/Module/ModuleCustomTrait.php index da495426ba..8ad41d82a7 100644 --- a/app/Module/ModuleCustomTrait.php +++ b/app/Module/ModuleCustomTrait.php @@ -24,6 +24,7 @@ use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException; use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException; use Fisharebest\Webtrees\Mime; use Fisharebest\Webtrees\Registry; +use Fisharebest\Webtrees\Validator; use GuzzleHttp\Client; use GuzzleHttp\Exception\GuzzleException; use Psr\Http\Message\ResponseInterface; @@ -171,7 +172,7 @@ trait ModuleCustomTrait public function getAssetAction(ServerRequestInterface $request): ResponseInterface { // The file being requested. e.g. "css/theme.css" - $asset = $request->getQueryParams()['asset']; + $asset = Validator::queryParams($request)->string('asset'); // Do not allow requests that try to access parent folders. if (str_contains($asset, '..')) { |
