From 6138331c5b159fdb5a33c1625c16cbe42f803e33 Mon Sep 17 00:00:00 2001
From: Rafael Kassner <kassner@gmail.com>
Date: Thu, 7 Jan 2021 10:15:05 +0100
Subject: [PATCH] Consistent behaviour for disallowed path's errors

---
 app/code/Magento/MediaStorage/App/Media.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/code/Magento/MediaStorage/App/Media.php b/app/code/Magento/MediaStorage/App/Media.php
index fd73519ebd290..21f6fa863aaf2 100644
--- a/app/code/Magento/MediaStorage/App/Media.php
+++ b/app/code/Magento/MediaStorage/App/Media.php
@@ -190,7 +190,8 @@ public function launch(): ResponseInterface
             $fileAbsolutePath = $this->directoryPub->getAbsolutePath($this->relativeFileName);
             $fileRelativePath = str_replace(rtrim($this->mediaDirectoryPath, '/') . '/', '', $fileAbsolutePath);
             if (!$isAllowed($fileRelativePath, $allowedResources)) {
-                throw new LogicException('The path is not allowed: ' . $this->relativeFileName);
+                require_once 'errors/404.php';
+                exit;
             }
         }