author | Nils Adermann <naderman@naderman.de> | 2013-04-24 09:45:34 -0700 |
---|---|---|
committer | Nils Adermann <naderman@naderman.de> | 2013-04-24 09:45:34 -0700 |
commit | 3e32655c7f22ce9aff7bafdbab6d556879b5fcf9 (patch) | |
tree | 20853ed2664b6e28d5a2f42ee94ab8418b689629 /phpBB/includes/functions.php | |
parent | ab628cbdb99eda1c3efbbca7e374f64876800428 (diff) | |
parent | 16e70fa08610227d96e149eba2019803ad37c85f (diff) | |
Merge pull request #1290 from nickvergessen/ticket/11362
Correctly sanitise the directory path in finder
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r-- | phpBB/includes/functions.php | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 58d2ad4760..05a278a2b4 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1049,31 +1049,33 @@ else
 /**
 * Eliminates useless . and .. components from specified path.
 *
+* Deprecated, use filesystem class instead
+*
 * @param string $path Path to clean
 * @return string Cleaned path
+*
+* @deprecated
 */
 function phpbb_clean_path($path)
 {
- $exploded = explode('/', $path);
- $filtered = array();
- foreach ($exploded as $part)
- {
- if ($part === '.' && !empty($filtered))
- {
- continue;
- }
+ global $phpbb_container;

- if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
- {
- array_pop($filtered);
- }
- else
+ if ($phpbb_container)
+ {
+ $phpbb_filesystem = $phpbb_container->get('filesystem');
+ }
+ else
+ {
+ // The container is not yet loaded, use a new instance
+ if (!class_exists('phpbb_filesystem'))
 {
- $filtered[] = $part;
+ global $phpbb_root_path, $phpEx;
+ require($phpbb_root_path . 'includes/filesystem.' . $phpEx);
 }
+ $phpbb_filesystem = new phpbb_filesystem();
 }
- $path = implode('/', $filtered);
- return $path;
+
+ return $phpbb_filesystem->clean_path($path);
 }

 // functions used for building option fields |
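Review bot: The fallback branch in `phpbb_clean_path()` feeds `$phpbb_root_path` and `$phpEx` from global scope straight into `require` without checking that either is set, and this is the branch that runs before the container exists, i.e. earliest in bootstrap. If a caller reaches it before the entry script has defined them, the path degrades to the relative `includes/filesystem.`, which PHP resolves against the include path and working directory rather than the phpBB root. A guard before the `require`, such as `if (empty($phpbb_root_path) || empty($phpEx)) { trigger_error('phpbb_clean_path() called before $phpbb_root_path/$phpEx are set', E_USER_ERROR); }`, would make that failure explicit. Separately, the diffstat is limited to functions.php, so `phpbb_filesystem::clean_path()` is not visible here and its equivalence to the removed loop cannot be confirmed from this page. The removed loop kept leading `..` components, so if the new method still does, the docblock should add `* Only collapses . and .. components; does not confine the result to a base directory.` so callers keep validating the result themselves.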