diff options
| author | Nicofuma <github@nicofuma.fr> | 2015-03-29 19:50:19 +0200 |
|---|---|---|
| committer | Nicofuma <github@nicofuma.fr> | 2015-03-29 19:50:19 +0200 |
| commit | d9f4964d914d5079025a2d86ae0a6d64df10cdaa (patch) | |
| tree | 4f6fc540fdfb67e3b836cd742267d1b6f6797429 /phpBB/includes/functions_acp.php | |
| parent | 499088b62f686482fd9419be83baef9a7c5ab1c2 (diff) | |
| parent | 1da6b30cf04ff8fb06f38dd1ff8ab211af0a763f (diff) | |
| download | forums-d9f4964d914d5079025a2d86ae0a6d64df10cdaa.tar forums-d9f4964d914d5079025a2d86ae0a6d64df10cdaa.tar.gz forums-d9f4964d914d5079025a2d86ae0a6d64df10cdaa.tar.bz2 forums-d9f4964d914d5079025a2d86ae0a6d64df10cdaa.tar.xz forums-d9f4964d914d5079025a2d86ae0a6d64df10cdaa.zip | |
Merge pull request #3376 from marc1706/ticket/13568-asc
[ticket/13568] Validate imagick path as readable absolute path
closes #3376
Diffstat (limited to 'phpBB/includes/functions_acp.php')
| -rw-r--r-- | phpBB/includes/functions_acp.php | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index e30c6da505..a53a54368e 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -550,6 +550,9 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) $cfg_array[$config_name] = trim($destination); + // Absolute file path + case 'absolute_path': + case 'absolute_path_writable': // Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir... case 'path': case 'wpath': @@ -568,20 +571,22 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) break; } - if (!file_exists($phpbb_root_path . $cfg_array[$config_name])) + $path = in_array($config_definition['validate'], array('wpath', 'path', 'rpath', 'rwpath')) ? $phpbb_root_path . $cfg_array[$config_name] : $cfg_array[$config_name]; + + if (!file_exists($path)) { $error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]); } - if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name])) + if (file_exists($path) && !is_dir($path)) { $error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]); } // Check if the path is writable - if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath') + if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath' || $config_definition['validate'] === 'absolute_path_writable') { - if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !phpbb_is_writable($phpbb_root_path . $cfg_array[$config_name])) + if (file_exists($path) && !phpbb_is_writable($path)) { $error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]); } |