diff options
| author | VirtualTam <virtualtam@flibidi.net> | 2017-09-19 20:21:28 +0200 |
|---|---|---|
| committer | VirtualTam <virtualtam@flibidi.net> | 2017-09-28 21:57:20 +0200 |
| commit | e4325b1517c3d9769c8e0141e37b2845bf8e4d09 (patch) | |
| tree | e16af52e1a9ce4a56693e4fe4eb01cbc5112fb86 | |
| parent | 0cba184cf80423d990aba09a2a0a1f2b9c5882b7 (diff) | |
| download | Shaarli-e4325b1517c3d9769c8e0141e37b2845bf8e4d09.tar.gz Shaarli-e4325b1517c3d9769c8e0141e37b2845bf8e4d09.tar.zst Shaarli-e4325b1517c3d9769c8e0141e37b2845bf8e4d09.zip | |
Robustness: safer RainTPL directory handling
Relates to https://github.com/shaarli/Shaarli/issues/845
Relates to https://github.com/shaarli/Shaarli/issues/846
Relates to https://github.com/shaarli/Shaarli/pull/909
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| -rw-r--r-- | application/ApplicationUtils.php | 5 | ||||
| -rw-r--r-- | application/ThemeUtils.php | 1 |
2 files changed, 4 insertions, 2 deletions
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php index 85dcbeeb..123cc0b3 100644 --- a/application/ApplicationUtils.php +++ b/application/ApplicationUtils.php | |||
| @@ -168,14 +168,15 @@ class ApplicationUtils | |||
| 168 | public static function checkResourcePermissions($conf) | 168 | public static function checkResourcePermissions($conf) |
| 169 | { | 169 | { |
| 170 | $errors = array(); | 170 | $errors = array(); |
| 171 | $rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/'); | ||
| 171 | 172 | ||
| 172 | // Check script and template directories are readable | 173 | // Check script and template directories are readable |
| 173 | foreach (array( | 174 | foreach (array( |
| 174 | 'application', | 175 | 'application', |
| 175 | 'inc', | 176 | 'inc', |
| 176 | 'plugins', | 177 | 'plugins', |
| 177 | $conf->get('resource.raintpl_tpl'), | 178 | $rainTplDir, |
| 178 | $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'), | 179 | $rainTplDir.'/'.$conf->get('resource.theme'), |
| 179 | ) as $path) { | 180 | ) as $path) { |
| 180 | if (! is_readable(realpath($path))) { | 181 | if (! is_readable(realpath($path))) { |
| 181 | $errors[] = '"'.$path.'" directory is not readable'; | 182 | $errors[] = '"'.$path.'" directory is not readable'; |
diff --git a/application/ThemeUtils.php b/application/ThemeUtils.php index 2718ed13..16f2f6a2 100644 --- a/application/ThemeUtils.php +++ b/application/ThemeUtils.php | |||
| @@ -22,6 +22,7 @@ class ThemeUtils | |||
| 22 | */ | 22 | */ |
| 23 | public static function getThemes($tplDir) | 23 | public static function getThemes($tplDir) |
| 24 | { | 24 | { |
| 25 | $tplDir = rtrim($tplDir, '/'); | ||
| 25 | $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR); | 26 | $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR); |
| 26 | $themes = []; | 27 | $themes = []; |
| 27 | foreach ($allTheme as $value) { | 28 | foreach ($allTheme as $value) { |