mirror/php-ifm
1
0
Fork 0
mirror of https://github.com/misterunknown/ifm.git synced 2025-08-10 10:04:01 +02:00
Code Issues Releases Wiki Activity

Fix: tmp_dir relative to __DIR__ (zipnload)

Browse Source 
Signed-off-by: Marco Dickert <marco@misterunknown.de>
This commit is contained in:
Marco Dickert
2020-05-11 17:07:18 +02:00
parent a483ea936b
commit 26aea21e5d
3 changed files with 23 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
build/libifm.php
View File

@@ -3884,8 +3884,9 @@ f00bar;
elseif ( ! $this->isFilenameValid( $d['filename'] ) )
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
else {
trigger_error("foo bar");
unset( $zip );
$dfile = $this->pathCombine( $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
try {
IFMArchive::createZip( realpath( $d['filename'] ), $dfile );
if( $d['filename'] == "." ) {
@@ -4307,13 +4308,12 @@ f00bar;
}
// combines two parts to a valid path
private function pathCombine( $a, $b ) {
if( trim( $a ) == "" && trim( $b ) == "" )
return "";
elseif( trim( $a ) == "" )
return ltrim( $b, '/' );
else
return rtrim( $a, '/' ) . '/' . trim( $b, '/' );
private function pathCombine(...$parts) {
$ret = "";
foreach($parts as $part)
if (trim($part) != "")
$ret .= (empty($ret)?rtrim($part,"/"):trim($part, '/'))."/";
return rtrim($ret, "/");
}
// check if filename is allowed

16
ifm.php
View File

@@ -3884,8 +3884,9 @@ f00bar;
elseif ( ! $this->isFilenameValid( $d['filename'] ) )
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
else {
trigger_error("foo bar");
unset( $zip );
$dfile = $this->pathCombine( $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
try {
IFMArchive::createZip( realpath( $d['filename'] ), $dfile );
if( $d['filename'] == "." ) {
@@ -4307,13 +4308,12 @@ f00bar;
}
// combines two parts to a valid path
private function pathCombine( $a, $b ) {
if( trim( $a ) == "" && trim( $b ) == "" )
return "";
elseif( trim( $a ) == "" )
return ltrim( $b, '/' );
else
return rtrim( $a, '/' ) . '/' . trim( $b, '/' );
private function pathCombine(...$parts) {
$ret = "";
foreach($parts as $part)
if (trim($part) != "")
$ret .= (empty($ret)?rtrim($part,"/"):trim($part, '/'))."/";
return rtrim($ret, "/");
}
// check if filename is allowed

15
src/main.php
View File

@@ -820,7 +820,7 @@ f00bar;
$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
else {
unset( $zip );
$dfile = $this->pathCombine( $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
try {
IFMArchive::createZip( realpath( $d['filename'] ), $dfile );
if( $d['filename'] == "." ) {
@@ -1242,13 +1242,12 @@ f00bar;
}
// combines two parts to a valid path
private function pathCombine( $a, $b ) {
if( trim( $a ) == "" && trim( $b ) == "" )
return "";
elseif( trim( $a ) == "" )
return ltrim( $b, '/' );
else
return rtrim( $a, '/' ) . '/' . trim( $b, '/' );
private function pathCombine(...$parts) {
$ret = "";
foreach($parts as $part)
if (trim($part) != "")
$ret .= (empty($ret)?rtrim($part,"/"):trim($part, '/'))."/";
return rtrim($ret, "/");
}
// check if filename is allowed