Robustness: safer RainTPL directory handling

Relates to https://github.com/shaarli/Shaarli/issues/845 Relates to https://github.com/shaarli/Shaarli/issues/846 Relates to https://github.com/shaarli/Shaarli/pull/909 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-09-19 20:21:28 +02:00 · 2017-09-19 20:21:28 +02:00 · e4325b1517
parent 0cba184cf8
commit e4325b1517
2 changed files with 4 additions and 2 deletions
--- a/application/ApplicationUtils.php
+++ b/application/ApplicationUtils.php
@ -168,14 +168,15 @@ class ApplicationUtils
    public static function checkResourcePermissions($conf)
    {
        $errors = array();
+        $rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');

        // Check script and template directories are readable
        foreach (array(
            'application',
            'inc',
            'plugins',
-            $conf->get('resource.raintpl_tpl'),
-            $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'),
+            $rainTplDir,
+            $rainTplDir.'/'.$conf->get('resource.theme'),
        ) as $path) {
            if (! is_readable(realpath($path))) {
                $errors[] = '"'.$path.'" directory is not readable';
--- a/application/ThemeUtils.php
+++ b/application/ThemeUtils.php
@ -22,6 +22,7 @@ class ThemeUtils
     */
    public static function getThemes($tplDir)
    {
+        $tplDir = rtrim($tplDir, '/');
        $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);
        $themes = [];
        foreach ($allTheme as $value) {