mirror/minify
1
0
Fork 0
mirror of https://github.com/mrclay/minify.git synced 2025-02-19 22:44:56 +01:00
Code Issues Releases Wiki Activity

normalize paths before checking allowed dirs

Browse Source
This commit is contained in:
Dmitry Demidovsky 2015-12-04 14:02:02 +03:00
parent 6998e61654
commit da70e92cc1
1 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lib/Minify/Source/Factory.php
View File

@ -110,6 +110,25 @@ class Minify_Source_Factory {
return $realpath; return $realpath;
} }
/**
* @param string $path
* @return string
*/
public function getNormalizedPath($path)
{
// turn windows-style slashes into unix-style
$norm = str_replace("\\", "/", $path);
// lowercase drive letter
if (preg_match('/^\w:/', $norm)) {
$norm = lcfirst($norm);
}
return $norm;
}
/** /**
* @param mixed $spec * @param mixed $spec
* *
@ -140,7 +159,7 @@ class Minify_Source_Factory {
if ($this->options['checkAllowDirs']) { if ($this->options['checkAllowDirs']) {
foreach ((array)$this->options['allowDirs'] as $allowDir) { foreach ((array)$this->options['allowDirs'] as $allowDir) {
if (strpos($spec['filepath'], $allowDir) !== 0) { if (strpos($this->getNormalizedPath($spec['filepath']), $this->getNormalizedPath($allowDir)) !== 0) {
throw new Minify_Source_FactoryException("File '{$spec['filepath']}' is outside \$allowDirs." throw new Minify_Source_FactoryException("File '{$spec['filepath']}' is outside \$allowDirs."
. " If the path is resolved via an alias/symlink, look into the \$min_symlinks option."); . " If the path is resolved via an alias/symlink, look into the \$min_symlinks option.");
} }