cd workaround using pwd to restrict access

app/Http/Controllers/ShellContoller.php

@@ -8,7 +8,6 @@
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\Storage;
 use App\Models;
-use Psy\Util\Str;
 use Request;
 
 class ShellContoller extends Controller
@@ -79,11 +78,14 @@ public function shell()
      */
     public function pwd($command, $path)
     {
+        error_log("Inside pwd");
         $level = Session::get('level');
+        error_log("get session var ".$path);
         $arr = explode('/', $path);
+        error_log("exploded");
         $len = sizeof($arr);
-
-        for ($i = 0; $i<len; $i++) {
+        error_log("starting loop");
+        for ($i = 0; $i<$len; $i++) {
             if ($arr[$i] === '..') {
                 $level--;
                 if ($level < 0) {
@@ -93,7 +95,7 @@ public function pwd($command, $path)
                 $level++;
             }
         }
-
+        error_log("swithcing");
         switch ($command) {
             case 'cd' : 
                 Session::put('level', $level );
@@ -119,43 +121,52 @@ public function pwd($command, $path)
 
     public function cd($args, $settings)
     {
-        if ($args[0] === false || $args[0] === '..' || $args[0] === '~') {
+        error_log("ARGS: ".$args[0]);
+        if ($this->pwd('cd', $args[0])) {
+            error_log("pwd check pased");
+            if ($args[0] === false || $args[0] === '..' || $args[0] === '~') {
 
-            //move to home directory
-            Session::put('pwd', '~');
-            $msg = Auth::user()['name'] . '@Castle:'. session('pwd') . '$ ';
-            $sts = true;
+                //move to home directory
+                Session::put('pwd', '~');
+                $msg = Auth::user()['name'] . '@Castle:' . session('pwd') . '$ ';
+                $sts = true;
 
-        } elseif ($args[0] === '.') {
+            } elseif ($args[0] === '.') {
 
-            //Keeping it in the same directory
-            $msg = Auth::user()['name'] . '@Castle:~$ ';
+                //Keeping it in the same directory
+                $msg = Auth::user()['name'] . '@Castle:~$ ';
 
-            //constructing the prompt depending on directory
-            if (Session::get('pwd') !== '~')
-                $msg = $msg . "/" . session('pwd') . '$ ';
-            $sts = true;
+                //constructing the prompt depending on directory
+                if (Session::get('pwd') !== '~')
+                    $msg = Auth::user()['name'] . '@Castle:~/' . session('pwd') . '$ ';
+                $sts = true;
 
-        } else {
+            } else {
 
-            //ADDRESS TO  Users home directory
-            $user_dir = $settings['WORK_DIR'] .'users/'. Auth::id();
+                //ADDRESS TO  Users home directory
+                $user_dir = $settings['WORK_DIR'] . 'users/' . Auth::id();
 
-            //Check if the folder exists if in home
-            if (Session::get('pwd') === '~') {
+                //Check if the folder exists if in home
+                if (Session::get('pwd') === '~') {
 
-                $user_dir = "$user_dir/$args[0]";
-                if (is_dir(storage_path().'/app/'.$user_dir) && !strpos($args[0], '/')) {
+                    $user_dir = "$user_dir/$args[0]";
+                    if (is_dir(storage_path() . '/app/' . $user_dir) && !strpos($args[0], '/')) {
 
-                    Session::put('pwd', $args[0]);
-                    $msg = Auth::user()['name'] . '@Castle:~/' . session('pwd') . '$ ';
-                    $sts = true;
-                    return response()->json(['STS' => $sts, 'MSG' => $msg]);
+                        Session::put('pwd', $args[0]);
+                        $msg = Auth::user()['name'] . '@Castle:~/' . session('pwd') . '$ ';
+                        $sts = true;
+                        return response()->json(['STS' => $sts, 'MSG' => $msg]);
 
+                    }
                 }
-            }
 
-            //No Directory by that name
+                //No Directory by that name
+                $msg = "cd: $args[0]: No such directory";
+                $sts = false;
+            }
+        }
+        else {
+            //No Directory by that name in the hierarchy
             $msg = "cd: $args[0]: No such directory";
             $sts = false;
         }

vendor/doctrine/instantiator/.gitignore

@@ -0,0 +1,5 @@
+phpunit.xml
+composer.lock
+build
+vendor
+coverage.clover

vendor/doctrine/instantiator/.scrutinizer.yml

@@ -0,0 +1,46 @@
+before_commands:
+    - "composer install --prefer-source"
+
+tools:
+    external_code_coverage:
+        timeout: 600
+    php_code_coverage:
+        enabled: true
+        test_command: ./vendor/bin/phpunit
+    php_code_sniffer:
+        enabled: true
+        config:
+            standard: PSR2
+        filter:
+            paths: ["src/*", "tests/*"]
+    php_cpd:
+        enabled: true
+        excluded_dirs: ["build/*", "tests", "vendor"]
+    php_cs_fixer:
+        enabled: true
+        config:
+            level: all
+        filter:
+            paths: ["src/*", "tests/*"]
+    php_loc:
+        enabled: true
+        excluded_dirs: ["build", "tests", "vendor"]
+    php_mess_detector:
+        enabled: true
+        config:
+            ruleset: phpmd.xml.dist
+            design_rules: { eval_expression: false }
+        filter:
+            paths: ["src/*"]
+    php_pdepend:
+        enabled: true
+        excluded_dirs: ["build", "tests", "vendor"]
+    php_analyzer:
+        enabled: true
+        filter:
+            paths: ["src/*", "tests/*"]
+    php_hhvm:
+        enabled: true
+        filter:
+            paths: ["src/*", "tests/*"]
+    sensiolabs_security_checker: true

vendor/doctrine/instantiator/.travis.install.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+set -x
+if [ "$TRAVIS_PHP_VERSION" = 'hhvm' ] || [ "$TRAVIS_PHP_VERSION" = 'hhvm-nightly' ] ; then
+    curl -sS https://getcomposer.org/installer > composer-installer.php
+    hhvm composer-installer.php
+    hhvm -v ResourceLimit.SocketDefaultTimeout=30 -v Http.SlowQueryThreshold=30000 composer.phar update --prefer-source
+elif [ "$TRAVIS_PHP_VERSION" = '5.3.3' ] ; then
+    composer self-update
+    composer update --prefer-source --no-dev
+    composer dump-autoload
+else
+    composer self-update
+    composer update --prefer-source
+fi

vendor/doctrine/instantiator/.travis.yml

@@ -0,0 +1,22 @@
+language: php
+
+php:
+  - 5.3.3
+  - 5.3
+  - 5.4
+  - 5.5
+  - 5.6
+  - hhvm
+
+before_script:
+  - ./.travis.install.sh
+  - if [ $TRAVIS_PHP_VERSION = '5.6' ]; then PHPUNIT_FLAGS="--coverage-clover coverage.clover"; else PHPUNIT_FLAGS=""; fi
+
+script:
+  - if [ $TRAVIS_PHP_VERSION = '5.3.3' ]; then phpunit; fi
+  - if [ $TRAVIS_PHP_VERSION != '5.3.3' ]; then ./vendor/bin/phpunit $PHPUNIT_FLAGS; fi
+  - if [ $TRAVIS_PHP_VERSION != '5.3.3' ]; then ./vendor/bin/phpcs --standard=PSR2 ./src/ ./tests/; fi
+  - if [[ $TRAVIS_PHP_VERSION != '5.3.3' && $TRAVIS_PHP_VERSION != '5.4.29' && $TRAVIS_PHP_VERSION != '5.5.13' ]]; then php -n ./vendor/bin/athletic -p ./tests/DoctrineTest/InstantiatorPerformance/ -f GroupedFormatter; fi
+
+after_script:
+  - if [ $TRAVIS_PHP_VERSION = '5.6' ]; then wget https://scrutinizer-ci.com/ocular.phar; php ocular.phar code-coverage:upload --format=php-clover coverage.clover; fi

vendor/doctrine/instantiator/phpmd.xml.dist

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<ruleset
+    name="Instantiator rules"
+    xmlns="http://pmd.sf.net/ruleset/1.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://pmd.sf.net/ruleset/1.0.0 http://pmd.sf.net/ruleset_xml_schema.xsd"
+    xsi:noNamespaceSchemaLocation="http://pmd.sf.net/ruleset_xml_schema.xsd"
+>
+    <rule ref="rulesets/cleancode.xml">
+        <!-- static access is used for caching purposes -->
+        <exclude name="StaticAccess"/>
+    </rule>
+    <rule ref="rulesets/codesize.xml"/>
+    <rule ref="rulesets/controversial.xml"/>
+    <rule ref="rulesets/design.xml"/>
+    <rule ref="rulesets/naming.xml"/>
+    <rule ref="rulesets/unusedcode.xml"/>
+    <rule
+        name="NPathComplexity"
+        message="The {0} {1}() has an NPath complexity of {2}. The configured NPath complexity threshold is {3}."
+        class="PHP_PMD_Rule_Design_NpathComplexity"
+    >
+        <properties>
+            <property name="minimum" description="The npath reporting threshold" value="10"/>
+        </properties>
+    </rule>
+</ruleset>

vendor/doctrine/instantiator/phpunit.xml.dist

@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+<phpunit
+    bootstrap="./vendor/autoload.php"
+    colors="true"
+    convertErrorsToExceptions="true"
+    convertNoticesToExceptions="true"
+    convertWarningsToExceptions="true"
+    verbose="true"
+    stopOnFailure="false"
+    processIsolation="false"
+    backupGlobals="false"
+    syntaxCheck="true"
+>
+    <testsuite name="Doctrine\Instantiator tests">
+        <directory>./tests/DoctrineTest/InstantiatorTest</directory>
+    </testsuite>
+    <filter>
+        <whitelist addUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">./src</directory>
+        </whitelist>
+    </filter>
+</phpunit>

vendor/doctrine/instantiator/tests/DoctrineTest/InstantiatorPerformance/InstantiatorPerformanceEvent.php

@@ -0,0 +1,96 @@
+<?php
+/*
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * This software consists of voluntary contributions made by many individuals
+ * and is licensed under the MIT license. For more information, see
+ * <http://www.doctrine-project.org>.
+ */
+
+namespace DoctrineTest\InstantiatorPerformance;
+
+use Athletic\AthleticEvent;
+use Doctrine\Instantiator\Instantiator;
+
+/**
+ * Performance tests for {@see \Doctrine\Instantiator\Instantiator}
+ *
+ * @author Marco Pivetta <ocramius@gmail.com>
+ */
+class InstantiatorPerformanceEvent extends AthleticEvent
+{
+    /**
+     * @var \Doctrine\Instantiator\Instantiator
+     */
+    private $instantiator;
+
+    /**
+     * {@inheritDoc}
+     */
+    protected function setUp()
+    {
+        $this->instantiator = new Instantiator();
+
+        $this->instantiator->instantiate(__CLASS__);
+        $this->instantiator->instantiate('ArrayObject');
+        $this->instantiator->instantiate('DoctrineTest\\InstantiatorTestAsset\\SimpleSerializableAsset');
+        $this->instantiator->instantiate('DoctrineTest\\InstantiatorTestAsset\\SerializableArrayObjectAsset');
+        $this->instantiator->instantiate('DoctrineTest\\InstantiatorTestAsset\\UnCloneableAsset');
+    }
+
+    /**
+     * @iterations 20000
+     * @baseline
+     * @group instantiation
+     */
+    public function testInstantiateSelf()
+    {
+        $this->instantiator->instantiate(__CLASS__);
+    }
+
+    /**
+     * @iterations 20000
+     * @group instantiation
+     */
+    public function testInstantiateInternalClass()
+    {
+        $this->instantiator->instantiate('ArrayObject');
+    }
+
+    /**
+     * @iterations 20000
+     * @group instantiation
+     */
+    public function testInstantiateSimpleSerializableAssetClass()
+    {
+        $this->instantiator->instantiate('DoctrineTest\\InstantiatorTestAsset\\SimpleSerializableAsset');
+    }
+
+    /**
+     * @iterations 20000
+     * @group instantiation
+     */
+    public function testInstantiateSerializableArrayObjectAsset()
+    {
+        $this->instantiator->instantiate('DoctrineTest\\InstantiatorTestAsset\\SerializableArrayObjectAsset');
+    }
+
+    /**
+     * @iterations 20000
+     * @group instantiation
+     */
+    public function testInstantiateUnCloneableAsset()
+    {
+        $this->instantiator->instantiate('DoctrineTest\\InstantiatorTestAsset\\UnCloneableAsset');
+    }
+}