mirrors
/
flight-core
mirror of https://github.com/flightphp/core
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: Failed asserting that exception message 'Target directory is not writable' contains 'Invalid target path: contains directory traversal'.

Browse Source
pull/702/head
fadrian06 3 days ago
parent 9afa64eb97
commit a1faf4f00b
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File

9
flight/net/UploadedFile.php
Unescape View File

@ -131,14 +131,15 @@ class UploadedFile
throw new Exception($this->getUploadErrorMessage($this->error)); throw new Exception($this->getUploadErrorMessage($this->error));
} }
if (is_writeable(dirname($targetPath)) === false) {
throw new Exception('Target directory is not writable');
}
// Prevent path traversal attacks // Prevent path traversal attacks
if (strpos($targetPath, '..') !== false) { if (strpos($targetPath, '..') !== false) {
throw new Exception('Invalid target path: contains directory traversal'); throw new Exception('Invalid target path: contains directory traversal');
} }
if (is_writeable(dirname($targetPath)) === false) {
throw new Exception('Target directory is not writable');
}
// Prevent absolute paths (basic check for Unix/Windows) // Prevent absolute paths (basic check for Unix/Windows)
if ($targetPath[0] === '/' || (strlen($targetPath) > 1 && $targetPath[1] === ':')) { if ($targetPath[0] === '/' || (strlen($targetPath) > 1 && $targetPath[1] === ':')) {
throw new Exception('Invalid target path: absolute paths not allowed'); throw new Exception('Invalid target path: absolute paths not allowed');

Write Preview
Loading…
Cancel
Save