aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/inc/functions.inc.php
diff options
context:
space:
mode:
authorPim van den Berg2014-03-23 00:42:03 +0100
committerPim van den Berg2014-03-23 00:46:20 +0100
commit0899936101ba8497092143eec7ca589395bb9740 (patch)
treeafb62482dc001a95d12990d110d0e4a4015f61e4 /inc/functions.inc.php
parenttype/Default: also escape * and ? in identifier before glob (diff)
downloadapt-panopticon_cgp-0899936101ba8497092143eec7ca589395bb9740.zip
apt-panopticon_cgp-0899936101ba8497092143eec7ca589395bb9740.tar.gz
apt-panopticon_cgp-0899936101ba8497092143eec7ca589395bb9740.tar.bz2
apt-panopticon_cgp-0899936101ba8497092143eec7ca589395bb9740.tar.xz
inc/functions.inc.php: rm trailing slash in base and resolve symlink
When there was a symlink in the path of $base, strpos($realpath, $base) would have always return false. Closes: https://github.com/pommi/CGP/pull/49
Diffstat (limited to 'inc/functions.inc.php')
-rw-r--r--inc/functions.inc.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/inc/functions.inc.php b/inc/functions.inc.php
index 6642e51..fed4b10 100644
--- a/inc/functions.inc.php
+++ b/inc/functions.inc.php
@@ -31,6 +31,11 @@ function validate_get($value, $type) {
31} 31}
32 32
33function validateRRDPath($base, $path) { 33function validateRRDPath($base, $path) {
34 $base = preg_replace('/\/$/', '', $base);
35
36 # resolve possible symlink
37 $base = realpath($base);
38
34 $realpath = realpath(sprintf('%s/%s', $base, $path)); 39 $realpath = realpath(sprintf('%s/%s', $base, $path));
35 40
36 if (strpos($realpath, $base) === false) 41 if (strpos($realpath, $base) === false)