Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exceptions PossibleDirectoryTraversal in Windows system #44

Closed
komtcho opened this issue Jul 26, 2023 · 2 comments
Closed

Exceptions PossibleDirectoryTraversal in Windows system #44

komtcho opened this issue Jul 26, 2023 · 2 comments
Labels
bug help wanted

Comments

@komtcho
Copy link
Contributor

komtcho commented Jul 26, 2023

Folio Version

1.0.0-beta.1

Laravel Version

10.16.1

PHP Version

8.1.10

Description

When trying on a Windows system, I found a problem with verifying that the blade file exists at Laravel\Folio\Pipeline\EnsureNoDirectoryTraversal class.

image

if (! Str::of(realpath($view->path))->startsWith($state->mountPath.'/')) {
    throw new PossibleDirectoryTraversal;
}

And I solved the problem through the use DIRECTORY_SEPARATOR to be

if (! Str::of(realpath($view->path))->startsWith($state->mountPath . DIRECTORY_SEPARATOR)) {
    throw new PossibleDirectoryTraversal;
}

Thanks,

Steps To Reproduce

  1. Install laravel/folio:^1.0@beta.
  2. Run php artisan folio:install.
  3. Create pages/schedule.blade.php file
@driesvints driesvints added the bug label Jul 26, 2023
@taylorotwell
Copy link
Member

PRs welcome.

@github-actions
Copy link

Thank you for reporting this issue!

As Laravel is an open source project, we rely on the community to help us diagnose and fix issues as it is not possible to research and fix every issue reported to us via GitHub.

If possible, please make a pull request fixing the issue you have described, along with corresponding tests. All pull requests are promptly reviewed by the Laravel team.

Thank you!

@komtcho komtcho mentioned this issue Jul 26, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@taylorotwell @driesvints @nunomaduro @komtcho