diff options
| author | Pim van den Berg | 2014-03-23 00:42:03 +0100 |
|---|---|---|
| committer | Pim van den Berg | 2014-03-23 00:46:20 +0100 |
| commit | 0899936101ba8497092143eec7ca589395bb9740 (patch) | |
| tree | afb62482dc001a95d12990d110d0e4a4015f61e4 /inc/functions.inc.php | |
| parent | type/Default: also escape * and ? in identifier before glob (diff) | |
| download | apt-panopticon_cgp-0899936101ba8497092143eec7ca589395bb9740.zip apt-panopticon_cgp-0899936101ba8497092143eec7ca589395bb9740.tar.gz apt-panopticon_cgp-0899936101ba8497092143eec7ca589395bb9740.tar.bz2 apt-panopticon_cgp-0899936101ba8497092143eec7ca589395bb9740.tar.xz | |
inc/functions.inc.php: rm trailing slash in base and resolve symlink
When there was a symlink in the path of $base, strpos($realpath, $base)
would have always return false.
Closes: https://github.com/pommi/CGP/pull/49
Diffstat (limited to 'inc/functions.inc.php')
| -rw-r--r-- | inc/functions.inc.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/inc/functions.inc.php b/inc/functions.inc.php index 6642e51..fed4b10 100644 --- a/inc/functions.inc.php +++ b/inc/functions.inc.php | |||
| @@ -31,6 +31,11 @@ function validate_get($value, $type) { | |||
| 31 | } | 31 | } |
| 32 | 32 | ||
| 33 | function validateRRDPath($base, $path) { | 33 | function validateRRDPath($base, $path) { |
| 34 | $base = preg_replace('/\/$/', '', $base); | ||
| 35 | |||
| 36 | # resolve possible symlink | ||
| 37 | $base = realpath($base); | ||
| 38 | |||
| 34 | $realpath = realpath(sprintf('%s/%s', $base, $path)); | 39 | $realpath = realpath(sprintf('%s/%s', $base, $path)); |
| 35 | 40 | ||
| 36 | if (strpos($realpath, $base) === false) | 41 | if (strpos($realpath, $base) === false) |