diff --git a/index.php b/index.php index dbe285f..938a49b 100644 --- a/index.php +++ b/index.php @@ -120,6 +120,11 @@ $sourceFactoryOptions = array(); if (isset($min_serveOptions['minApp']['noMinPattern'])) { $sourceFactoryOptions['noMinPattern'] = $min_serveOptions['minApp']['noMinPattern']; } + +if (isset($min_serveOptions['minApp']['allowDirs'])) { + $sourceFactoryOptions['allowDirs'] = $min_serveOptions['minApp']['allowDirs']; +} + $sourceFactory = new Minify_Source_Factory($env, $sourceFactoryOptions, $cache); $controller = call_user_func($min_factories['controller'], $env, $sourceFactory); diff --git a/lib/Minify/Source/Factory.php b/lib/Minify/Source/Factory.php index 8b41e55..c65ce6d 100644 --- a/lib/Minify/Source/Factory.php +++ b/lib/Minify/Source/Factory.php @@ -110,6 +110,20 @@ class Minify_Source_Factory { return $realpath; } + /** + * turn windows-style slashes into unix-style, + * remove trailing slash + * and lowercase drive letter + * + * @param string $path absolute path + * + * @return string + */ + public function getNormalizedPath($path) + { + return lcfirst(rtrim(str_replace('\\', '/', $path), '/')); + } + /** * @param mixed $spec * @@ -139,12 +153,17 @@ class Minify_Source_Factory { } if ($this->options['checkAllowDirs']) { + $inAllowedDir = false; foreach ((array)$this->options['allowDirs'] as $allowDir) { - if (strpos($spec['filepath'], $allowDir) !== 0) { - throw new Minify_Source_FactoryException("File '{$spec['filepath']}' is outside \$allowDirs." - . " If the path is resolved via an alias/symlink, look into the \$min_symlinks option."); + if (strpos($this->getNormalizedPath($spec['filepath']), $this->getNormalizedPath($allowDir)) === 0) { + $inAllowedDir = true; } } + + if (!$inAllowedDir) { + throw new Minify_Source_FactoryException("File '{$spec['filepath']}' is outside \$allowDirs." + . " If the path is resolved via an alias/symlink, look into the \$min_symlinks option."); + } } $basename = basename($spec['filepath']);