Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

com_mediamanger fix for failure to traverse/create/delete directories #24924

Merged
merged 6 commits into from Jun 5, 2019
Next

com_mediamanger fix for failure to traverse/create/delete directories

and files when the images directory is a symlink.

As per the discussion in #24539 and #24723
  • Loading branch information...
nonickch committed May 16, 2019
commit e1582897fa3a2181d3f7f0e97bf5807d67f090c7
@@ -94,7 +94,7 @@ public function upload()
$filepath = JPath::clean($files['final']);
if (!$mediaHelper->canUpload($file, 'com_media')
|| strpos(realpath($fileparts['dirname']), JPath::clean(COM_MEDIA_BASE)) !== 0)
|| strpos(realpath($fileparts['dirname']), JPath::clean(realpath(COM_MEDIA_BASE))) !== 0)
{
try
{
@@ -114,7 +114,7 @@ public function upload()
// We need a url safe name
$fileparts = pathinfo(COM_MEDIA_BASE . '/' . $this->folder . '/' . $file['name']);
if (strpos(realpath($fileparts['dirname']), JPath::clean(COM_MEDIA_BASE)) !== 0)
if (strpos(realpath($fileparts['dirname']), JPath::clean(realpath(COM_MEDIA_BASE))) !== 0)
{
JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_WARNINVALID_FOLDER'));
@@ -286,7 +286,7 @@ public function delete()
{
$fullPath = implode(DIRECTORY_SEPARATOR, array(COM_MEDIA_BASE, $folder, $path));
if (strpos(realpath($fullPath), JPath::clean(COM_MEDIA_BASE)) !== 0)
if (strpos(realpath($fullPath), JPath::clean(realpath(COM_MEDIA_BASE))) !== 0)
{
unset($safePaths[$key]);
}
@@ -88,7 +88,7 @@ public function delete()
{
$fullPath = JPath::clean(implode(DIRECTORY_SEPARATOR, array(COM_MEDIA_BASE, $folder, $path)));
if (strpos(realpath($fullPath), JPath::clean(COM_MEDIA_BASE)) !== 0)
if (strpos(realpath($fullPath), JPath::clean(realpath(COM_MEDIA_BASE))) !== 0)
{
JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_WARNINVALID_FOLDER'));
@@ -198,10 +198,10 @@ public function create()
$path = JPath::clean(COM_MEDIA_BASE . '/' . $parent . '/' . $folder);
if (strpos(realpath(COM_MEDIA_BASE . '/' . $parent), JPath::clean(COM_MEDIA_BASE)) !== 0)
if (strpos(realpath(COM_MEDIA_BASE . '/' . $parent), JPath::clean(realpath(COM_MEDIA_BASE))) !== 0)
{
$app = JFactory::getApplication();
$app->enqueueMessage(JText::_('COM_MEDIA_ERROR_WARNINVALID_FOLDER'));
$app->enqueueMessage(JText::_('COM_MEDIA_ERROR_WARNINVALID_FOLDER'), 'error');
return false;
}
@@ -114,7 +114,7 @@ public function getList()
$mediaBase = str_replace(DIRECTORY_SEPARATOR, '/', COM_MEDIA_BASE . '/');
// Reset base path
if (strpos(realpath($basePath), JPath::clean(COM_MEDIA_BASE)) !== 0)
if (strpos(realpath($basePath), JPath::clean(realpath(COM_MEDIA_BASE))) !== 0)
{
$basePath = COM_MEDIA_BASE;
}
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.