Use realpath() to secure file and path names.
authorRoland Haeder <roland@mxchange.org>
Thu, 15 May 2014 20:41:23 +0000 (22:41 +0200)
committerRoland Haeder <roland@mxchange.org>
Thu, 15 May 2014 20:41:23 +0000 (22:41 +0200)
Signed-off-by: Roland Häder <roland@mxchange.org>
inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
inc/classes/main/file_directories/output/class_FrameworkFileOutputPointer.php

index da22040..a04a8dd 100644 (file)
@@ -68,6 +68,9 @@ class FrameworkDirectoryPointer extends BaseFrameworkSystem {
         * @todo        Get rid of inConstructor, could be old-lost code.
         */
        public static final function createFrameworkDirectoryPointer ($pathName, $inConstructor = FALSE) {
+               // Secure with realpath()
+               $pathName = realpath($pathName);
+
                // Some pre-sanity checks...
                if (is_null($pathName)) {
                        // No pathname given
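Review bot: The `is_null($pathName)` check that follows the new `realpath()` call can no longer fire, because `realpath()` returns a string or `FALSE`, never `NULL`. A missing or unreadable directory now continues as `FALSE`, and an empty or NULL argument is, as far as I know, resolved to the current working directory rather than rejected. Validate the raw argument first, then test the result explicitly: `$realPath = realpath($pathName); if ($realPath === FALSE) { /* reject: path does not resolve */ }`. The same `is_null()`-only check follows the call in createFrameworkFileOutputPointer. The method body continues outside this hunk, so later checks may catch part of this.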
index f70ef5a..bca7a18 100644 (file)
@@ -42,6 +42,9 @@ class FrameworkFileInputPointer extends BaseFileIo {
         * @return      void
         */
        public static final function createFrameworkFileInputPointer ($fileName) {
+               // Secure with realpath()
+               $fileName = realpath($fileName);
+
                // Some pre-sanity checks...
                if ((is_null($fileName)) || (empty($fileName))) {
                        // No filename given
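Review bot: The comment `// Secure with realpath()` promises more than the call delivers: `realpath()` resolves `..` segments and symlinks but accepts any path the process can reach. If `$fileName` can be influenced by a caller-supplied value, the resolved path still has to be compared against an allowed base directory, e.g. `if (strpos($fileName, $baseDir . DIRECTORY_SEPARATOR) !== 0) { /* reject: outside base directory */ }`. Here `$baseDir` is a placeholder for a canonicalised root that this hunk does not show. This applies to all four factory methods touched by the commit. At minimum the comment should read `// Canonicalise the path; this does not restrict it to a base directory`.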
index 824df45..04d8cbc 100644 (file)
@@ -44,6 +44,9 @@ class FrameworkFileInputOutputPointer extends BaseFileIo {
         * @throws      FileIoException                 If fopen() returns not a file resource
         */
        public static final function createFrameworkFileInputOutputPointer ($fileName) {
+               // Secure with realpath()
+               $fileName = realpath($fileName);
+
                // Some pre-sanity checks...
                if ((is_null($fileName)) || (empty($fileName))) {
                        // No filename given
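Review bot: A file that does not exist or cannot be resolved now lands in the `// No filename given` branch, because `realpath()` returns `FALSE` and `empty(FALSE)` is true. That fails closed, but the caller can no longer tell a missing argument from a wrong path, and the original name is overwritten before it can be reported. Keep both values and test them separately: `$realName = realpath($fileName); if ($realName === FALSE) { /* report $fileName as not found */ }`. The same pattern appears in createFrameworkFileInputPointer. The rest of the method lies outside this hunk.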
index 1af2697..907495c 100644 (file)
@@ -43,6 +43,9 @@ class FrameworkFileOutputPointer extends BaseFileIo {
         * @return      void
         */
        public static final function createFrameworkFileOutputPointer ($fileName, $mode) {
+               // Secure with realpath()
+               $fileName = realpath($fileName);
+
                // Some pre-sanity checks...
                if (is_null($fileName)) {
                        // No filename given
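Review bot: `realpath()` returns `FALSE` for a target that does not exist yet, so if `$mode` permits creating files, this factory can no longer be given the name of a new file. The `is_null($fileName)` check below does not catch `FALSE`, so that value reaches whatever opens the file, which happens outside this hunk. For an output pointer, canonicalise the parent directory and re-attach the file name: `$dir = realpath(dirname($fileName)); if ($dir === FALSE) { /* reject */ }` followed by `$fileName = $dir . DIRECTORY_SEPARATOR . basename($fileName);`.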