Merge pull request #1290 from nickvergessen/ticket/11362

Correctly sanitise the directory path in finder

phpBB/includes/extension/finder.php

@@ -23,6 +23,7 @@ if (!defined('IN_PHPBB'))
 class phpbb_extension_finder
 {
 	protected $extension_manager;
+	protected $filesystem;
 	protected $phpbb_root_path;
 	protected $cache;
 	protected $php_ext;
@@ -54,15 +55,17 @@ class phpbb_extension_finder
 	* @param phpbb_extension_manager $extension_manager An extension manager
 	*            instance that provides the finder with a list of active
 	*            extensions and their locations
+	* @param phpbb_filesystem $filesystem Filesystem instance
 	* @param string $phpbb_root_path Path to the phpbb root directory
 	* @param phpbb_cache_driver_interface $cache A cache instance or null
 	* @param string $php_ext php file extension
 	* @param string $cache_name The name of the cache variable, defaults to
 	*                           _ext_finder
 	*/
-	public function __construct(phpbb_extension_manager $extension_manager, $phpbb_root_path = '', phpbb_cache_driver_interface $cache = null, $php_ext = '.php', $cache_name = '_ext_finder')
+	public function __construct(phpbb_extension_manager $extension_manager, phpbb_filesystem $filesystem, $phpbb_root_path = '', phpbb_cache_driver_interface $cache = null, $php_ext = '.php', $cache_name = '_ext_finder')
 	{
 		$this->extension_manager = $extension_manager;
+		$this->filesystem = $filesystem;
 		$this->phpbb_root_path = $phpbb_root_path;
 		$this->cache = $cache;
 		$this->php_ext = $php_ext;
@@ -227,7 +230,7 @@ class phpbb_extension_finder
 	*/
 	protected function sanitise_directory($directory)
 	{
-		$directory = preg_replace('#(?:^|/)\./#', '/', $directory);
+		$directory = $this->filesystem->clean_path($directory);
 		$dir_len = strlen($directory);
 
 		if ($dir_len > 1 && $directory[$dir_len - 1] === '/')

phpBB/includes/extension/manager.php

@@ -44,13 +44,14 @@ class phpbb_extension_manager
 	* @param phpbb_db_driver $db A database connection
 	* @param phpbb_config $config phpbb_config
 	* @param phpbb_db_migrator $migrator
+	* @param phpbb_filesystem $filesystem
 	* @param string $extension_table The name of the table holding extensions
 	* @param string $phpbb_root_path Path to the phpbb includes directory.
 	* @param string $php_ext php file extension
 	* @param phpbb_cache_driver_interface $cache A cache instance or null
 	* @param string $cache_name The name of the cache variable, defaults to _ext
 	*/
-	public function __construct(ContainerInterface $container, phpbb_db_driver $db, phpbb_config $config, phpbb_db_migrator $migrator, $extension_table, $phpbb_root_path, $php_ext = '.php', phpbb_cache_driver_interface $cache = null, $cache_name = '_ext')
+	public function __construct(ContainerInterface $container, phpbb_db_driver $db, phpbb_config $config, phpbb_db_migrator $migrator, phpbb_filesystem $filesystem, $extension_table, $phpbb_root_path, $php_ext = '.php', phpbb_cache_driver_interface $cache = null, $cache_name = '_ext')
 	{
 		$this->container = $container;
 		$this->phpbb_root_path = $phpbb_root_path;
@@ -58,6 +59,7 @@ class phpbb_extension_manager
 		$this->config = $config;
 		$this->migrator = $migrator;
 		$this->cache = $cache;
+		$this->filesystem = $filesystem;
 		$this->php_ext = $php_ext;
 		$this->extension_table = $extension_table;
 		$this->cache_name = $cache_name;
@@ -510,7 +512,7 @@ class phpbb_extension_manager
 	*/
 	public function get_finder()
 	{
-		return new phpbb_extension_finder($this, $this->phpbb_root_path, $this->cache, $this->php_ext, $this->cache_name . '_finder');
+		return new phpbb_extension_finder($this, $this->filesystem, $this->phpbb_root_path, $this->cache, $this->php_ext, $this->cache_name . '_finder');
 	}
 
 	/**

phpBB/includes/filesystem.php

@@ -0,0 +1,52 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* A class with various functions that are related to paths, files and the filesystem
+* @package phpBB3
+*/
+class phpbb_filesystem
+{
+	/**
+	* Eliminates useless . and .. components from specified path.
+	*
+	* @param string $path Path to clean
+	* @return string Cleaned path
+	*/
+	public function clean_path($path)
+	{
+		$exploded = explode('/', $path);
+		$filtered = array();
+		foreach ($exploded as $part)
+		{
+			if ($part === '.' && !empty($filtered))
+			{
+				continue;
+			}
+
+			if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
+			{
+				array_pop($filtered);
+			}
+			else
+			{
+				$filtered[] = $part;
+			}
+		}
+		$path = implode('/', $filtered);
+		return $path;
+	}
+}

phpBB/includes/functions.php

@@ -1049,31 +1049,33 @@ else
 /**
 * Eliminates useless . and .. components from specified path.
 *
+* Deprecated, use filesystem class instead
+*
 * @param string $path Path to clean
 * @return string Cleaned path
+*
+* @deprecated
 */
 function phpbb_clean_path($path)
 {
-	$exploded = explode('/', $path);
-	$filtered = array();
-	foreach ($exploded as $part)
-	{
-		if ($part === '.' && !empty($filtered))
-		{
-			continue;
-		}
+	global $phpbb_container;
 
-		if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
-		{
-			array_pop($filtered);
-		}
-		else
-		{
-			$filtered[] = $part;
-		}
+	if ($phpbb_container)
+	{
+		$phpbb_filesystem = $phpbb_container->get('filesystem');
 	}
-	$path = implode('/', $filtered);
-	return $path;
+	else
+	{
+		// The container is not yet loaded, use a new instance
+		if (!class_exists('phpbb_filesystem'))
+		{
+			global $phpbb_root_path, $phpEx;
+			require($phpbb_root_path . 'includes/filesystem.' . $phpEx);
+		}
+		$phpbb_filesystem = new phpbb_filesystem();
+	}
+
+	return $phpbb_filesystem->clean_path($path);
 }
 
 // functions used for building option fields