Diffstat (limited to 'inc/util.inc.php')
-rw-r--r--inc/util.inc.php20
1 files changed, 20 insertions, 0 deletions
diff --git a/inc/util.inc.php b/inc/util.inc.php
index 45a6b684..109c0c5d 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -103,6 +103,26 @@ class Util
return preg_replace('/[^a-zA-Z0-9_\-]+/', '_', $name);
}
+ public static function safePath($path, $prefix = '')
+ {
+ if (empty($path))
+ return false;
+ $path = trim($path);
+ if ($path{0} == '/' || preg_match('/[\x00-\x19\?\*]/', $path))
+ return false;
+ if (strpos($path, '..') !== false)
+ return false;
+ if (substr($path, 0, 2) !== './')
+ $path = "./$path";
+ if (empty($prefix))
+ return $path;
+ if (substr($prefix, 0, 2) !== './')
+ $prefix = "./$prefix";
+ if (substr($path, 0, strlen($prefix)) !== $prefix)
+ return false;
+ return $path;
+ }
+
/**
* Create human readable error description from a $_FILES[<..>]['error'] code
*
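Review bot: The final prefix test in safePath(), `substr($path, 0, strlen($prefix)) !== $prefix`, is a plain string-prefix comparison with no directory boundary, so with a prefix such as `data/up` (constructed example) a path like `data/upload2/x` is accepted although it lies in a sibling directory. Normalising the prefix before the comparison, e.g. `$prefix = rtrim($prefix, '/') . '/';`, closes that gap; a path equal to the prefix directory itself would then be rejected, which callers may or may not want. Two smaller points in the same function: `trim()` runs after the `empty()` check, so a whitespace-only argument reaches `$path{0}` as an empty string, and the class `[\x00-\x19\?\*]` stops at 0x19, letting 0x1A–0x1F through where `\x1f` was presumably meant. The check is purely lexical and does not resolve symlinks below the prefix, so a short docblock stating that, and that the function returns `false` on rejection and the `./`-normalised path otherwise, would help callers use it correctly.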