diff options
author | Nicofuma <github@nicofuma.fr> | 2015-03-29 19:41:13 +0200 |
---|---|---|
committer | Nicofuma <github@nicofuma.fr> | 2015-03-29 19:41:13 +0200 |
commit | b9db47e3f52a8723b06e01f15c6e44052c014c42 (patch) | |
tree | a95b627f257c1682c211acdb861a6aa27a75a809 /phpBB/adm | |
parent | 1efbb5b3bbd8c0b38c0f265453514dfd87ef04f0 (diff) | |
parent | 7c5d872344a59f0fe2323d34885e543a09111ca7 (diff) | |
download | forums-b9db47e3f52a8723b06e01f15c6e44052c014c42.tar forums-b9db47e3f52a8723b06e01f15c6e44052c014c42.tar.gz forums-b9db47e3f52a8723b06e01f15c6e44052c014c42.tar.bz2 forums-b9db47e3f52a8723b06e01f15c6e44052c014c42.tar.xz forums-b9db47e3f52a8723b06e01f15c6e44052c014c42.zip |
Merge pull request #3359 from marc1706/ticket/13568
[ticket/13568] Validate imagick path as readable absolute path
closes #3359
Diffstat (limited to 'phpBB/adm')
-rw-r--r-- | phpBB/adm/index.php | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php index 85908476a1..49c4be09dc 100644 --- a/phpBB/adm/index.php +++ b/phpBB/adm/index.php @@ -524,6 +524,9 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) $cfg_array[$config_name] = trim($destination); + // Absolute file path + case 'absolute_path': + case 'absolute_path_writable': // Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir... case 'path': case 'wpath': @@ -542,20 +545,22 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) break; } - if (!file_exists($phpbb_root_path . $cfg_array[$config_name])) + $path = in_array($config_definition['validate'], array('wpath', 'path', 'rpath', 'rwpath')) ? $phpbb_root_path . $cfg_array[$config_name] : $cfg_array[$config_name]; + + if (!file_exists($path)) { $error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]); } - if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name])) + if (file_exists($path) && !is_dir($path)) { $error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]); } // Check if the path is writable - if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath') + if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath' || $config_definition['validate'] === 'absolute_path_writable') { - if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !phpbb_is_writable($phpbb_root_path . $cfg_array[$config_name])) + if (file_exists($path) && !phpbb_is_writable($path)) { $error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]); } |