Checking includes for valid paths
index 3116bb94b9c188bffa581ef050f4c3fa9d6c8be1..22cd34e062d6fcdb4001a11ea2744b5b00cc1d41 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -1893,3 +1893,31 @@ if(!function_exists('exif_imagetype')) {
                return($size[2]);
        }
 }
+
+function validate_include(&$file) {
+       $orig_file = $file;
+
+       $file = realpath($file);
+
+       if (strpos($file, getcwd()) !== 0)
+               return false;
+
+       $file = str_replace(getcwd()."/", "", $file, $count);
+       if ($count != 1)
+               return false;
+
+       if ($orig_file !== $file)
+               return false;
+
+       $valid = false;
+       if (strpos($file, "include/") === 0)
+               $valid = true;
+
+       if (strpos($file, "addon/") === 0)
+               $valid = true;
+
+       if (!$valid)
+               return false;
+
+       return true;
+}
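Review bot: validate_include() takes `$file` by reference and overwrites it with the `realpath()` result before any check has passed, so on every rejecting path the caller's variable is left holding an absolute path, or `false` when the file does not exist. On the accepting path it is by construction unchanged, because `$orig_file !== $file` must fail to get there. The reference therefore buys nothing and makes a forgotten return-value check more dangerous. I would take the parameter by value and work on a local, `$real = realpath($file);` followed by `if ($real === false) return false;`, using `$real` in the later comparisons. The check also anchors on `getcwd()` (called three times) and a hard-coded `/`, so it presumably rejects everything when the working directory is not the install root or when realpath() returns backslashes; that fails closed, but a short docblock should state these assumptions and that only the `include/` and `addon/` prefixes are accepted, with no check on file type.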