diff options
| author | Nils Adermann <naderman@naderman.de> | 2013-04-24 09:45:34 -0700 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2013-04-24 09:45:34 -0700 |
| commit | 3e32655c7f22ce9aff7bafdbab6d556879b5fcf9 (patch) | |
| tree | 20853ed2664b6e28d5a2f42ee94ab8418b689629 /phpBB/includes/filesystem.php | |
| parent | ab628cbdb99eda1c3efbbca7e374f64876800428 (diff) | |
| parent | 16e70fa08610227d96e149eba2019803ad37c85f (diff) | |
| download | forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.tar forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.tar.gz forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.tar.bz2 forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.tar.xz forums-3e32655c7f22ce9aff7bafdbab6d556879b5fcf9.zip | |
Merge pull request #1290 from nickvergessen/ticket/11362
Correctly sanitise the directory path in finder
Diffstat (limited to 'phpBB/includes/filesystem.php')
| -rw-r--r-- | phpBB/includes/filesystem.php | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/phpBB/includes/filesystem.php b/phpBB/includes/filesystem.php new file mode 100644 index 0000000000..27cab48fb0 --- /dev/null +++ b/phpBB/includes/filesystem.php @@ -0,0 +1,52 @@ +<?php +/** +* +* @package phpBB3 +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + +/** +* A class with various functions that are related to paths, files and the filesystem +* @package phpBB3 +*/ +class phpbb_filesystem +{ + /** + * Eliminates useless . and .. components from specified path. + * + * @param string $path Path to clean + * @return string Cleaned path + */ + public function clean_path($path) + { + $exploded = explode('/', $path); + $filtered = array(); + foreach ($exploded as $part) + { + if ($part === '.' && !empty($filtered)) + { + continue; + } + + if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') + { + array_pop($filtered); + } + else + { + $filtered[] = $part; + } + } + $path = implode('/', $filtered); + return $path; + } +} |