Use realpath() to secure file and path names.

Signed-off-by: Roland Häder <roland@mxchange.org>

diff --git a/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php b/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
index da220403458c081e6531ca4f7cc5a0b937c3efd5..a04a8dd486f32ffc41913da5cecf5b176a5c29b6 100644 (file)
--- a/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
+++ b/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
@@ -68,6 +68,9 @@ class FrameworkDirectoryPointer extends BaseFrameworkSystem {
         * @todo        Get rid of inConstructor, could be old-lost code.
         */
        public static final function createFrameworkDirectoryPointer ($pathName, $inConstructor = FALSE) {
+               // Secure with realpath()
+               $pathName = realpath($pathName);
+
                // Some pre-sanity checks...
                if (is_null($pathName)) {
                        // No pathname given

diff --git a/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php b/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
index f70ef5a12b90596adb19bef552f6e50326c1ff95..bca7a18b398dcf16a151f6d37d9a12f2dd780005 100644 (file)
--- a/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
+++ b/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
@@ -42,6 +42,9 @@ class FrameworkFileInputPointer extends BaseFileIo {
         * @return      void
         */
        public static final function createFrameworkFileInputPointer ($fileName) {
+               // Secure with realpath()
+               $fileName = realpath($fileName);
+
                // Some pre-sanity checks...
                if ((is_null($fileName)) || (empty($fileName))) {
                        // No filename given

diff --git a/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php b/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
index 824df452eec683a41c7d534d671d835edb5962af..04d8cbc9deddccbdae667f83630558989dd7d7e5 100644 (file)
--- a/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
+++ b/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
@@ -44,6 +44,9 @@ class FrameworkFileInputOutputPointer extends BaseFileIo {
         * @throws      FileIoException                 If fopen() returns not a file resource
         */
        public static final function createFrameworkFileInputOutputPointer ($fileName) {
+               // Secure with realpath()
+               $fileName = realpath($fileName);
+
                // Some pre-sanity checks...
                if ((is_null($fileName)) || (empty($fileName))) {
                        // No filename given

diff --git a/inc/classes/main/file_directories/output/class_FrameworkFileOutputPointer.php b/inc/classes/main/file_directories/output/class_FrameworkFileOutputPointer.php
index 1af2697b22d7c15fe3b20826de0ce0952ce08af1..907495c711c153905e2890e95aecd6992f1c2d34 100644 (file)
--- a/inc/classes/main/file_directories/output/class_FrameworkFileOutputPointer.php
+++ b/inc/classes/main/file_directories/output/class_FrameworkFileOutputPointer.php
@@ -43,6 +43,9 @@ class FrameworkFileOutputPointer extends BaseFileIo {
         * @return      void
         */
        public static final function createFrameworkFileOutputPointer ($fileName, $mode) {
+               // Secure with realpath()
+               $fileName = realpath($fileName);
+
                // Some pre-sanity checks...
                if (is_null($fileName)) {
                        // No filename given