mirror/processwire
1
0
Fork 0
mirror of https://github.com/processwire/processwire.git synced 2025-08-23 23:02:58 +02:00
Code Issues Releases Wiki Activity

Attempt to fix issue processwire/processwire-issues#554 isue with $files->include() and Windows paths

Browse Source
This commit is contained in:
Ryan Cramer
2018-03-30 10:45:35 -04:00
parent b1214fa0c4
commit 2722345aac
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wire/core/WireFileTools.php
View File

@@ -693,7 +693,6 @@ class WireFileTools extends Wire {
$options = array_merge($defaults, $options); $options = array_merge($defaults, $options);
$filename = trim($filename); $filename = trim($filename);
if(DIRECTORY_SEPARATOR != '/') $filename = str_replace(DIRECTORY_SEPARATOR, '/', $filename);
// add .php extension if filename doesn't already have an extension // add .php extension if filename doesn't already have an extension
if($options['autoExtension'] && !strrpos(basename($filename), '.')) { if($options['autoExtension'] && !strrpos(basename($filename), '.')) {
@@ -707,6 +706,8 @@ class WireFileTools extends Wire {
if($filename === false) throw new WireException("File does not exist: $_filename"); if($filename === false) throw new WireException("File does not exist: $_filename");
} }
if(DIRECTORY_SEPARATOR != '/') $filename = str_replace(DIRECTORY_SEPARATOR, '/', $filename);
if(strpos($filename, '//') !== false) { if(strpos($filename, '//') !== false) {
throw new WireException("File is not allowed (double-slash): $filename"); throw new WireException("File is not allowed (double-slash): $filename");
} }
@@ -722,6 +723,7 @@ class WireFileTools extends Wire {
// absolute path, make sure it's part of PW's installation // absolute path, make sure it's part of PW's installation
$allowed = false; $allowed = false;
foreach($options['allowedPaths'] as $path) { foreach($options['allowedPaths'] as $path) {
if(DIRECTORY_SEPARATOR != '/') $path = str_replace(DIRECTORY_SEPARATOR, '/', $path);
if(strpos($filename, $path) === 0) $allowed = true; if(strpos($filename, $path) === 0) $allowed = true;
} }
if(!$allowed) throw new WireException("File is not in an allowed path: $filename"); if(!$allowed) throw new WireException("File is not in an allowed path: $filename");