Use realpath() to secure file and path names.

[core.git] / inc / classes / main / file_directories / io / class_FrameworkFileInputOutputPointer.php

diff --git a/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php b/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
index 824df452eec683a41c7d534d671d835edb5962af..04d8cbc9deddccbdae667f83630558989dd7d7e5 100644 (file)
--- a/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
+++ b/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
@@ -44,6 +44,9 @@ class FrameworkFileInputOutputPointer extends BaseFileIo {
         * @throws      FileIoException                 If fopen() returns not a file resource
         */
        public static final function createFrameworkFileInputOutputPointer ($fileName) {
+               // Secure with realpath()
+               $fileName = realpath($fileName);
+
                // Some pre-sanity checks...
                if ((is_null($fileName)) || (empty($fileName))) {
                        // No filename given