From: Roland Haeder Date: Thu, 15 May 2014 20:41:23 +0000 (+0200) Subject: Use realpath() to secure file and path names. X-Git-Url: https://git.mxchange.org/?p=core.git;a=commitdiff_plain;h=3ac79dbc1ecc71a1d704992366a0512d46af7785;ds=sidebyside Use realpath() to secure file and path names. Signed-off-by: Roland Häder
---
diff --git a/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php b/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
index da220403..a04a8dd4 100644
--- a/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
+++ b/inc/classes/main/file_directories/directory/class_FrameworkDirectoryPointer.php
@@ -68,6 +68,9 @@ class FrameworkDirectoryPointer extends BaseFrameworkSystem {
 * @todo Get rid of inConstructor, could be old-lost code.
 */
 public static final function createFrameworkDirectoryPointer ($pathName, $inConstructor = FALSE) {
+ // Secure with realpath()
+ $pathName = realpath($pathName);
+
 // Some pre-sanity checks...
 if (is_null($pathName)) {
 // No pathname given
diff --git a/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php b/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
index f70ef5a1..bca7a18b 100644
--- a/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
+++ b/inc/classes/main/file_directories/input/class_FrameworkFileInputPointer.php
@@ -42,6 +42,9 @@ class FrameworkFileInputPointer extends BaseFileIo {
 * @return void
 */
 public static final function createFrameworkFileInputPointer ($fileName) {
+ // Secure with realpath()
+ $fileName = realpath($fileName);
+
 // Some pre-sanity checks...
 if ((is_null($fileName)) || (empty($fileName))) {
 // No filename given
diff --git a/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php b/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
index 824df452..04d8cbc9 100644
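Review bot: In createFrameworkDirectoryPointer() the added `realpath()` call runs before the `is_null($pathName)` guard, so that guard no longer sees the caller's value. realpath() returns FALSE, not NULL, when a path cannot be resolved, and PHP documents an empty path as meaning the current directory, so a missing or empty argument is no longer reported as "no pathname given"; what the later checks, outside this hunk, do with FALSE is not visible here. Run the null/empty checks on the original argument first, then resolve into a separate variable and reject failure explicitly: `$realPath = realpath($pathName);` followed by `if ($realPath === FALSE) { /* throw the same exception as for an invalid path */ }`. The same ordering appears in the three file-pointer hunks; the two that test `empty($fileName)` do catch FALSE, but report it as a missing filename rather than an unresolvable one.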
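Review bot: The comment `// Secure with realpath()` in createFrameworkFileInputPointer() promises more than the call delivers: realpath() canonicalises `..` segments and symbolic links but puts no limit on where the resulting path may point. If any caller passes a name derived from untrusted input, the resolved path still has to be compared with an allowed base directory before it is opened, for example `if (strpos($fileName, $baseDir . DIRECTORY_SEPARATOR) !== 0) { /* reject */ }`, where `$baseDir` is a placeholder for a realpath()-resolved root that this code would have to define. If no such confinement is intended, reword the comment to `// Canonicalize the name with realpath()` so readers do not treat it as an access check. This applies equally to the other three hunks of the commit.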
--- a/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
+++ b/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
@@ -44,6 +44,9 @@ class FrameworkFileInputOutputPointer extends BaseFileIo {
 * @throws FileIoException If fopen() returns not a file resource
 */
 public static final function createFrameworkFileInputOutputPointer ($fileName) {
+ // Secure with realpath()
+ $fileName = realpath($fileName);
+
 // Some pre-sanity checks...
 if ((is_null($fileName)) || (empty($fileName))) {
 // No filename given
diff --git a/inc/classes/main/file_directories/output/class_FrameworkFileOutputPointer.php b/inc/classes/main/file_directories/output/class_FrameworkFileOutputPointer.php
index 1af2697b..907495c7 100644
--- a/inc/classes/main/file_directories/output/class_FrameworkFileOutputPointer.php
+++ b/inc/classes/main/file_directories/output/class_FrameworkFileOutputPointer.php
@@ -43,6 +43,9 @@ class FrameworkFileOutputPointer extends BaseFileIo {
 * @return void
 */
 public static final function createFrameworkFileOutputPointer ($fileName, $mode) {
+ // Secure with realpath()
+ $fileName = realpath($fileName);
+
 // Some pre-sanity checks...
 if (is_null($fileName)) {
 // No filename given
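Review bot: createFrameworkFileOutputPointer() takes a `$mode`, so it is presumably also used to create files that do not exist yet, and realpath() returns FALSE for a path that does not exist. After this change such a call would hand FALSE to the rest of the method (outside this hunk), and the `is_null($fileName)` guard that follows does not catch it. Resolving only the directory part keeps the canonicalisation without requiring the file to exist: `$dirName = realpath(dirname($fileName));` and then, once `$dirName !== FALSE` has been checked, `$fileName = $dirName . DIRECTORY_SEPARATOR . basename($fileName);`.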