projects / core.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use realpath() to secure file and path names.
[core.git] / inc / classes / main / file_directories / input / class_FrameworkFileInputPointer.php
diff --git a/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php b/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
index f70ef5a12b90596adb19bef552f6e50326c1ff95..bca7a18b398dcf16a151f6d37d9a12f2dd780005 100644 (file)
--- a/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
+++ b/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
@@ -42,6 +42,9 @@ class FrameworkFileInputPointer extends BaseFileIo {
         * @return      void
         */
        public static final function createFrameworkFileInputPointer ($fileName) {
+               // Secure with realpath()
+               $fileName = realpath($fileName);
+
                // Some pre-sanity checks...
                if ((is_null($fileName)) || (empty($fileName))) {
                        // No filename given
Framework project 'core' for later PHP 5.5+ projects.