author | Simon Rettberg | 2014-08-14 22:50:05 +0200 |
---|---|---|
committer | Simon Rettberg | 2014-08-14 22:50:05 +0200 |
commit | b776c51856e387941130562e3711005036ee26fb (patch) | |
tree | 4cf8348e3ddaf1e783c4a86d3cf9cd847fa79217 /inc/util.inc.php | |
parent | Re-Format all language files for cleaner future diffs (diff) | |
[i18n] Sanity checks, introduced subdir for template language files
Diffstat (limited to 'inc/util.inc.php')
-rw-r--r-- | inc/util.inc.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/inc/util.inc.php b/inc/util.inc.php
index 45a6b684..109c0c5d 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -103,6 +103,26 @@ class Util
 return preg_replace('/[^a-zA-Z0-9_\-]+/', '_', $name);
 }
 
+ public static function safePath($path, $prefix = '')
+ {
+ if (empty($path))
+ return false;
+ $path = trim($path);
+ if ($path{0} == '/' || preg_match('/[\x00-\x19\?\*]/', $path))
+ return false;
+ if (strpos($path, '..') !== false)
+ return false;
+ if (substr($path, 0, 2) !== './')
+ $path = "./$path";
+ if (empty($prefix))
+ return $path;
+ if (substr($prefix, 0, 2) !== './')
+ $prefix = "./$prefix";
+ if (substr($path, 0, strlen($prefix)) !== $prefix)
+ return false;
+ return $path;
+ }
+
 /**
 * Create human readable error description from a $_FILES[<..>]['error'] code
 *
|
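Review bot: The final prefix test in `safePath()` compares raw string prefixes with no directory boundary, so a `$prefix` of `lang` (constructed example) also accepts `./language_other/x`, a sibling directory whose name merely starts with the prefix. Normalising the prefix first, e.g. `if (substr($prefix, -1) !== '/') $prefix .= '/';` ahead of the `substr($path, 0, strlen($prefix))` comparison, confines the result to the intended subtree. The character class `[\x00-\x19\?\*]` stops at 0x19 and lets 0x1A–0x1F through; `\x1f` was probably the intended upper bound. A whitespace-only `$path` passes `empty()` but is empty after `trim()`, so `$path{0}` reads an invalid offset and the function returns `./`; re-checking `$path === ''` after the trim would close that. A short docblock stating that the method returns the normalised `./`-relative path or `false` would also tell callers to compare the result with `=== false`.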