| field | value | date |
|---|---|---|
| author | Lukas Reschke <lukas@statuscode.ch> | 2013-01-13 14:33:19 +0100 |
| committer | Lukas Reschke <lukas@statuscode.ch> | 2013-01-13 14:33:19 +0100 |
| commit | e151210a62a1fbe9fb885bd1dbb51315bd820e03 (patch) | |
| tree | 122d4d8550ae273c1177451f59074ccbaedeb78e /lib | |
| parent | 981fd5e4249d6bda0f8a06d86055ede896cdc9da (diff) | |
| download | nextcloud-server-e151210a62a1fbe9fb885bd1dbb51315bd820e03.tar.gz, nextcloud-server-e151210a62a1fbe9fb885bd1dbb51315bd820e03.zip | |
Simplify the isSubDirectory() function
isSubDirectory() checks if a specified $sub is a subdirectory of the
$parent; this is needed to prevent file inclusions.
Actually, the current code is more of a "hack" which I always
struggle over when browsing through the source. So this should be a much
better implementation.
The implementation is really straightforward:
- [realpath()](http://php.net/manual/function.realpath.php) expands all
symbolic links and resolves references to '/./', '/../' and extra '/'
characters in the input path and returns the canonicalized absolute
pathname.
- [strpos()](http://php.net/manual/function.strpos.php) returns FALSE if the
substring wasn't found.
Since this is an absolutely critical piece of code, I'd like to ensure
that this is absolutely safe!
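The realpath()/strpos() logic described in the commit message, as an added example that is not part of this commit or of Nextcloud's code base: it runs the check exactly as committed next to a boundary-aware rewrite, over a directory tree constructed under the system temp dir. The directory layout, the helper names issubdirectory_committed, issubdirectory_hardened, removeTree and demo, and the assumption of a POSIX filesystem on which symlink() is permitted are mine, not the project's.

```php
<?php
// Added example, not Nextcloud code. Contrasts the one-line check this commit
// introduces (realpath() + strpos()) with a boundary-aware version, on a
// constructed directory tree. Assumes a POSIX filesystem where symlink() is
// allowed; the 'missing-parent' result for the committed check is the PHP 8
// behaviour (an empty needle makes strpos() return 0, i.e. "found").

// The check as committed: true if the parent's canonical path occurs
// anywhere in the sub's canonical path.
function issubdirectory_committed(string $sub, string $parent): bool
{
    // realpath() returns false for a path that does not exist; PHP coerces
    // that false to '' before strpos() sees it.
    return strpos((string) realpath($sub), (string) realpath($parent)) !== false;
}

// Hardened variant: both paths must exist, and the parent must match as a
// whole leading path component, not as an arbitrary substring.
function issubdirectory_hardened(string $sub, string $parent): bool
{
    $realSub = realpath($sub);
    $realParent = realpath($parent);
    if ($realSub === false || $realParent === false) {
        return false;
    }
    // A directory counts as inside itself (same as the old prefix comparison).
    if ($realSub === $realParent) {
        return true;
    }
    // The trailing separator makes '/data/www2' fail against '/data/www'.
    $prefix = rtrim($realParent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($realSub, $prefix, strlen($prefix)) === 0;
}

// Removes the constructed tree again; is_link() is tested before is_dir()
// because is_dir() follows symlinks.
function removeTree(string $dir): void
{
    foreach (scandir($dir) as $entry) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        $path = $dir . DIRECTORY_SEPARATOR . $entry;
        if (is_link($path) || is_file($path)) {
            unlink($path);
        } else {
            removeTree($path);
        }
    }
    rmdir($dir);
}

// Builds the constructed tree and runs both checks over crafted inputs.
function demo(): array
{
    $base = realpath(sys_get_temp_dir()) . '/issubdir_' . bin2hex(random_bytes(4));
    $www = $base . '/www';
    // A directory whose own path embeds the full parent path, e.g.
    // /tmp/issubdir_x/other/tmp/issubdir_x/www
    $mirror = $base . '/other' . $www;
    foreach ([$www . '/data', $base . '/www2', $mirror] as $dir) {
        mkdir($dir, 0700, true);
    }
    // A symlink inside the parent that points back out of it.
    symlink($base . '/other', $www . '/escape');

    $cases = [
        'inside'          => [$www . '/data', $www],
        'sibling-prefix'  => [$base . '/www2', $www],      // shares a prefix only
        'parent-embedded' => [$mirror, $www],              // parent recurs mid-path
        'dotdot-escape'   => [$www . '/data/../../other', $www],
        'symlink-escape'  => [$www . '/escape', $www],
        'missing-parent'  => [$www . '/data', $base . '/nope'],
    ];
    $results = [];
    foreach ($cases as $name => [$sub, $parent]) {
        $results[$name] = [
            'committed' => issubdirectory_committed($sub, $parent),
            'hardened'  => issubdirectory_hardened($sub, $parent),
        ];
    }
    removeTree($base);
    return $results;
}

foreach (demo() as $name => $r) {
    printf("%-16s committed=%-5s hardened=%s\n", $name,
        var_export($r['committed'], true), var_export($r['hardened'], true));
}
```

Run it with `php example.php`. The 'sibling-prefix' and 'parent-embedded' rows show the committed check returning true for paths outside the parent, because strpos() matches at any offset; 'dotdot-escape' and 'symlink-escape' are rejected by both versions, since realpath() has already resolved the `..` and the link before the comparison. On PHP 8 'missing-parent' is accepted by the committed check (empty needle, offset 0); on PHP 5 and 7 strpos() instead emits an "Empty needle" warning and returns false.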
Diffstat (limited to 'lib')
-rw-r--r-- | lib/helper.php | 24 |
1 files changed, 2 insertions, 22 deletions
diff --git a/lib/helper.php b/lib/helper.php index 1aba2a38100..a01743cc27e 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -633,29 +633,9 @@ class OC_Helper { * @return bool */ public static function issubdirectory($sub, $parent) { - if($sub == null || $sub == '' || $parent == null || $parent == '') { - return false; - } - $realpath_sub = realpath($sub); - $realpath_parent = realpath($parent); - if(($realpath_sub == false && substr_count($realpath_sub, './') != 0) || ($realpath_parent == false && substr_count($realpath_parent, './') != 0)) { //it checks for both ./ and ../ - return false; - } - if($realpath_sub && $realpath_sub != '' && $realpath_parent && $realpath_parent != '') { - if(substr($realpath_sub, 0, strlen($realpath_parent)) == $realpath_parent) { - return true; - } - }else{ - if(substr($sub, 0, strlen($parent)) == $parent) { - return true; - } + if (strpos(realpath($sub), realpath($parent)) !== false) { + return true; } - /*echo 'SUB: ' . $sub . "\n"; - echo 'PAR: ' . $parent . "\n"; - echo 'REALSUB: ' . $realpath_sub . "\n"; - echo 'REALPAR: ' . $realpath_parent . "\n"; - echo substr($realpath_sub, 0, strlen($realpath_parent)); - exit;*/ return false; } |
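Review bot: the replacement condition `if (strpos(realpath($sub), realpath($parent)) !== false)` accepts the parent's canonical path at any offset, so a sub path that merely shares a prefix with the parent (`/data/www2` against `/data/www`) or contains the parent string deeper in the path passes the check; test the offset with `=== 0` and require the match to end at a directory separator or be an exact equality. The deleted `$realpath_sub == false` / `$realpath_parent == false` handling also needs a replacement: `realpath()` returns false for a path that does not exist, and strpos() then receives an empty needle (coerced from false) whose result depends on the PHP version instead of failing closed, so return false explicitly when either realpath() result is false. The old `else` branch compared the raw `$sub` and `$parent` strings when realpath() could not resolve them; dropping that fallback silently changes results for callers passing not-yet-created paths, which should at least be stated in the commit message. Suggested shape: `$rs = realpath($sub); $rp = realpath($parent);` then `if ($rs === false || $rp === false) return false;` and finally `return $rs === $rp || strpos($rs, rtrim($rp, '/') . '/') === 0;`.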