Fix: tmp_dir relative to __DIR__ (zipnload)

Signed-off-by: Marco Dickert <marco@misterunknown.de>
2025-08-13 11:34:00 +02:00 · 2020-05-11 17:07:18 +02:00
parent a483ea936b
commit 26aea21e5d
3 changed files with 23 additions and 24 deletions
--- a/build/libifm.php
+++ b/build/libifm.php
@@ -3884,8 +3884,9 @@ f00bar;
 			elseif ( ! $this->isFilenameValid( $d['filename'] ) )
 				$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
 			else {
 				trigger_error("foo bar");
 				unset( $zip );
-				$dfile = $this->pathCombine( $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
+				$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
 				try {
 					IFMArchive::createZip( realpath( $d['filename'] ), $dfile );
 					if( $d['filename'] == "." ) {
@@ -4307,13 +4308,12 @@ f00bar;
 	}
 	// combines two parts to a valid path
-	private function pathCombine( $a, $b ) {
+	private function pathCombine(...$parts) {
-		if( trim( $a ) == "" && trim( $b ) == "" )
+		$ret = "";
-			return "";
+		foreach($parts as $part)
-		elseif( trim( $a ) == "" )
+			if (trim($part) != "")
-			return ltrim( $b, '/' );
+				$ret .= (empty($ret)?rtrim($part,"/"):trim($part, '/'))."/";
-		else
+		return rtrim($ret, "/");
 			return rtrim( $a, '/' ) . '/' . trim( $b, '/' );
 	}
 	// check if filename is allowed
--- a/ifm.php
+++ b/ifm.php
@@ -3884,8 +3884,9 @@ f00bar;
 			elseif ( ! $this->isFilenameValid( $d['filename'] ) )
 				$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
 			else {
 				trigger_error("foo bar");
 				unset( $zip );
-				$dfile = $this->pathCombine( $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
+				$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
 				try {
 					IFMArchive::createZip( realpath( $d['filename'] ), $dfile );
 					if( $d['filename'] == "." ) {
@@ -4307,13 +4308,12 @@ f00bar;
 	}
 	// combines two parts to a valid path
-	private function pathCombine( $a, $b ) {
+	private function pathCombine(...$parts) {
-		if( trim( $a ) == "" && trim( $b ) == "" )
+		$ret = "";
-			return "";
+		foreach($parts as $part)
-		elseif( trim( $a ) == "" )
+			if (trim($part) != "")
-			return ltrim( $b, '/' );
+				$ret .= (empty($ret)?rtrim($part,"/"):trim($part, '/'))."/";
-		else
+		return rtrim($ret, "/");
 			return rtrim( $a, '/' ) . '/' . trim( $b, '/' );
 	}
 	// check if filename is allowed
--- a/src/main.php
+++ b/src/main.php
@@ -820,7 +820,7 @@ f00bar;
 				$this->jsonResponse( array( "status" => "ERROR", "message" => $this->l['invalid_filename'] ) );
 			else {
 				unset( $zip );
-				$dfile = $this->pathCombine( $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
+				$dfile = $this->pathCombine( __DIR__, $this->config['tmp_dir'], uniqid( "ifm-tmp-" ) . ".zip" ); // temporary filename
 				try {
 					IFMArchive::createZip( realpath( $d['filename'] ), $dfile );
 					if( $d['filename'] == "." ) {
@@ -1242,13 +1242,12 @@ f00bar;
 	}
 	// combines two parts to a valid path
-	private function pathCombine( $a, $b ) {
+	private function pathCombine(...$parts) {
-		if( trim( $a ) == "" && trim( $b ) == "" )
+		$ret = "";
-			return "";
+		foreach($parts as $part)
-		elseif( trim( $a ) == "" )
+			if (trim($part) != "")
-			return ltrim( $b, '/' );
+				$ret .= (empty($ret)?rtrim($part,"/"):trim($part, '/'))."/";
-		else
+		return rtrim($ret, "/");
 			return rtrim( $a, '/' ) . '/' . trim( $b, '/' );
 	}
 	// check if filename is allowed