Robustness: safer RainTPL directory handling

Relates to https://github.com/shaarli/Shaarli/issues/845
Relates to https://github.com/shaarli/Shaarli/issues/846
Relates to https://github.com/shaarli/Shaarli/pull/909

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
VirtualTam 2017-09-19 20:21:28 +02:00
parent 0cba184cf8
commit e4325b1517
2 changed files with 4 additions and 2 deletions


@ -168,14 +168,15 @@ public static function checkPHPVersion($minVersion, $curVersion)
public static function checkResourcePermissions($conf) public static function checkResourcePermissions($conf)
{ {
$errors = array(); $errors = array();
$rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
// Check script and template directories are readable // Check script and template directories are readable
foreach (array( foreach (array(
'application', 'application',
'inc', 'inc',
'plugins', 'plugins',
$conf->get('resource.raintpl_tpl'), $rainTplDir,
$conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'), $rainTplDir.'/'.$conf->get('resource.theme'),
) as $path) { ) as $path) {
if (! is_readable(realpath($path))) { if (! is_readable(realpath($path))) {
$errors[] = '"'.$path.'" directory is not readable'; $errors[] = '"'.$path.'" directory is not readable';
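Review bot: A `resource.raintpl_tpl` value that is empty or consists only of slashes becomes `''` after the added `rtrim()`, and nothing in the visible lines rejects it. In that case `realpath('')` resolves to the current working directory, so the readability check passes against the wrong directory, and the theme entry becomes `'/'.$conf->get('resource.theme')`, anchored at the filesystem root. A guard right after the assignment would surface the misconfiguration, e.g. `if ($rainTplDir === '') { $errors[] = 'resource.raintpl_tpl is empty'; }`. The same normalisation in `getThemes()` turns such a value into `glob('/*', GLOB_ONLYDIR)`, which would present top-level system directories as themes. The `foreach` body continues past the visible lines.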


@ -22,6 +22,7 @@ class ThemeUtils
*/ */
public static function getThemes($tplDir) public static function getThemes($tplDir)
{ {
$tplDir = rtrim($tplDir, '/');
$allTheme = glob($tplDir.'/*', GLOB_ONLYDIR); $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);
$themes = []; $themes = [];
foreach ($allTheme as $value) { foreach ($allTheme as $value) {
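Review bot: `glob()` returns `false` on error, and the `foreach` over `$allTheme` then raises a warning instead of yielding an empty theme list; the added `rtrim()` does not change that. Falling back to an empty array keeps the loop safe: `$allTheme = glob($tplDir.'/*', GLOB_ONLYDIR) ?: [];`. The docblock could also state that `$tplDir` is used as a glob pattern prefix, so any metacharacters in the configured path are interpreted by `glob()` rather than matched literally. The rest of `getThemes()` lies outside the hunk.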