Robustness: safer RainTPL directory handling

Relates to https://github.com/shaarli/Shaarli/issues/845
Relates to https://github.com/shaarli/Shaarli/issues/846
Relates to https://github.com/shaarli/Shaarli/pull/909

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
This commit is contained in:
VirtualTam 2017-09-19 20:21:28 +02:00
parent 0cba184cf8
commit e4325b1517
2 changed files with 4 additions and 2 deletions

View file

@ -168,14 +168,15 @@ class ApplicationUtils
public static function checkResourcePermissions($conf)
{
$errors = array();
$rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
// Check script and template directories are readable
foreach (array(
'application',
'inc',
'plugins',
$conf->get('resource.raintpl_tpl'),
$conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'),
$rainTplDir,
$rainTplDir.'/'.$conf->get('resource.theme'),
) as $path) {
if (! is_readable(realpath($path))) {
$errors[] = '"'.$path.'" directory is not readable';

View file

@ -22,6 +22,7 @@ class ThemeUtils
*/
public static function getThemes($tplDir)
{
$tplDir = rtrim($tplDir, '/');
$allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);
$themes = [];
foreach ($allTheme as $value) {