mirror_html/filegator
1
0
Fork 0
mirror of https://github.com/filegator/filegator.git synced 2025-08-12 03:44:21 +02:00
Code Issues Projects Releases Wiki Activity

path traversal fix

Browse Source
This commit is contained in:
Milos Stojanovic
2022-05-24 12:24:30 +02:00
parent beb7d195c6
commit 6e2b68f17f
2 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
backend/Services/Storage/Filesystem.php
View File

@@ -241,6 +241,7 @@ class Filesystem implements Service
) {
$path = $this->separator;
}
return $this->joinPaths($this->getPathPrefix(), $path);
}
@@ -266,6 +267,9 @@ class Filesystem implements Service
private function joinPaths(string $path1, string $path2): string
{
$path1 = $this->escapeDots($path1);
$path2 = $this->escapeDots($path2);
if (! $path2 || ! trim($path2, $this->separator)) {
return $this->addSeparators($path1);
}
@@ -295,4 +299,14 @@ class Filesystem implements Service
return (string) array_pop($tmp);
}
private function escapeDots(string $path): string
{
$path = preg_replace('/\\\+\.{2,}/', '', $path);
$path = preg_replace('/\.{2,}\\\+/', '', $path);
$path = preg_replace('/\/+\.{2,}/', '', $path);
$path = preg_replace('/\.{2,}\/+/', '', $path);
return $path;
}
}