projects / core.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use realpath() to secure file and path names.
[core.git] / inc / classes / main / file_directories / directory / class_FrameworkDirectoryPointer.php
diff --git a/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php b/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
index da220403458c081e6531ca4f7cc5a0b937c3efd5..a04a8dd486f32ffc41913da5cecf5b176a5c29b6 100644 (file)
--- a/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
+++ b/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
@@ -68,6 +68,9 @@ class FrameworkDirectoryPointer extends BaseFrameworkSystem {
         * @todo        Get rid of inConstructor, could be old-lost code.
         */
        public static final function createFrameworkDirectoryPointer ($pathName, $inConstructor = FALSE) {
         * @todo        Get rid of inConstructor, could be old-lost code.
         */
        public static final function createFrameworkDirectoryPointer ($pathName, $inConstructor = FALSE) {
+               // Secure with realpath()
+               $pathName = realpath($pathName);
+
                // Some pre-sanity checks...
                if (is_null($pathName)) {
                        // No pathname given
                // Some pre-sanity checks...
                if (is_null($pathName)) {
                        // No pathname given
Framework project 'core' for later PHP 5.5+ projects.