From e4325b1517c3d9769c8e0141e37b2845bf8e4d09 Mon Sep 17 00:00:00 2001
From: VirtualTam
Date: Tue, 19 Sep 2017 20:21:28 +0200
Subject: Robustness: safer RainTPL directory handling
Relates to https://github.com/shaarli/Shaarli/issues/845
Relates to https://github.com/shaarli/Shaarli/issues/846
Relates to https://github.com/shaarli/Shaarli/pull/909
Signed-off-by: VirtualTam
---
 application/ApplicationUtils.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'application/ApplicationUtils.php')
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php
index 85dcbeeb..123cc0b3 100644
--- a/application/ApplicationUtils.php
+++ b/application/ApplicationUtils.php
@@ -168,14 +168,15 @@ class ApplicationUtils
 public static function checkResourcePermissions($conf)
 {
 $errors = array();
+ $rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
 // Check script and template directories are readable
 foreach (array(
 'application',
 'inc',
 'plugins',
- $conf->get('resource.raintpl_tpl'),
- $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'),
+ $rainTplDir,
+ $rainTplDir.'/'.$conf->get('resource.theme'),
 ) as $path) {
 if (! is_readable(realpath($path))) {
 $errors[] = '"'.$path.'" directory is not readable';
--
cgit v1.2.3
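Review bot: The new `$rainTplDir` assignment does not handle an empty, unset or bare `'/'` value of `resource.raintpl_tpl`: `rtrim()` then yields `''`, so the loop tests `realpath('')`, which PHP resolves to the current working directory, and `'/'.$conf->get('resource.theme')`, a path directly under the filesystem root. The readability check would then report on directories the templates are never loaded from, and a misconfigured template path could pass unnoticed. A guard before the `foreach`, for example `if ($rainTplDir === '') { $errors[] = '"resource.raintpl_tpl" is empty'; }`, would surface that case explicitly. `resource.theme` is also concatenated into the path as-is; whether it is validated against `..` segments elsewhere is not visible here and is worth confirming. The body of `checkResourcePermissions()` continues past the end of the hunk.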