aboutsummaryrefslogtreecommitdiffhomepage
path: root/application
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2017-09-19 20:21:28 +0200
committerVirtualTam <virtualtam@flibidi.net>2017-09-28 21:57:20 +0200
commite4325b1517c3d9769c8e0141e37b2845bf8e4d09 (patch)
treee16af52e1a9ce4a56693e4fe4eb01cbc5112fb86 /application
parent0cba184cf80423d990aba09a2a0a1f2b9c5882b7 (diff)
downloadShaarli-e4325b1517c3d9769c8e0141e37b2845bf8e4d09.tar.gz
Shaarli-e4325b1517c3d9769c8e0141e37b2845bf8e4d09.tar.zst
Shaarli-e4325b1517c3d9769c8e0141e37b2845bf8e4d09.zip
Robustness: safer RainTPL directory handling
Relates to https://github.com/shaarli/Shaarli/issues/845 Relates to https://github.com/shaarli/Shaarli/issues/846 Relates to https://github.com/shaarli/Shaarli/pull/909 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application')
-rw-r--r--application/ApplicationUtils.php5
-rw-r--r--application/ThemeUtils.php1
2 files changed, 4 insertions, 2 deletions
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php
index 85dcbeeb..123cc0b3 100644
--- a/application/ApplicationUtils.php
+++ b/application/ApplicationUtils.php
@@ -168,14 +168,15 @@ class ApplicationUtils
168 public static function checkResourcePermissions($conf) 168 public static function checkResourcePermissions($conf)
169 { 169 {
170 $errors = array(); 170 $errors = array();
171 $rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
171 172
172 // Check script and template directories are readable 173 // Check script and template directories are readable
173 foreach (array( 174 foreach (array(
174 'application', 175 'application',
175 'inc', 176 'inc',
176 'plugins', 177 'plugins',
177 $conf->get('resource.raintpl_tpl'), 178 $rainTplDir,
178 $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'), 179 $rainTplDir.'/'.$conf->get('resource.theme'),
179 ) as $path) { 180 ) as $path) {
180 if (! is_readable(realpath($path))) { 181 if (! is_readable(realpath($path))) {
181 $errors[] = '"'.$path.'" directory is not readable'; 182 $errors[] = '"'.$path.'" directory is not readable';
diff --git a/application/ThemeUtils.php b/application/ThemeUtils.php
index 2718ed13..16f2f6a2 100644
--- a/application/ThemeUtils.php
+++ b/application/ThemeUtils.php
@@ -22,6 +22,7 @@ class ThemeUtils
22 */ 22 */
23 public static function getThemes($tplDir) 23 public static function getThemes($tplDir)
24 { 24 {
25 $tplDir = rtrim($tplDir, '/');
25 $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR); 26 $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);
26 $themes = []; 27 $themes = [];
27 foreach ($allTheme as $value) { 28 foreach ($allTheme as $value) {