xingcheng
/
FreshRSS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix extension file search (#3413)

Browse Source 
Before, it was possible to retrieve only the files from extensions. Thus
making core extension files unreachable.
Now, the selected file is search through all extensions folders.
pull/3410/head^2
Alexis Degrugillier 4 years ago committed by GitHub
parent 36f9d44d54
commit d7cfea155f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 24
      p/ext.php

24
p/ext.php
Unescape View File

@ -13,6 +13,28 @@ const SUPPORTED_TYPES = [
'svg' => 'image/svg+xml',
];
/**
* @return string
*/
function get_absolute_filename(string $file_name) {
$core_extension = realpath(CORE_EXTENSIONS_PATH . '/' . $file_name);
if (false !== $core_extension) {
return $core_extension;
}
$extension = realpath(EXTENSIONS_PATH . '/' . $file_name);
if (false !== $extension) {
return $extension;
}
$third_party_extension = realpath(THIRDPARTY_EXTENSIONS_PATH . '/' . $file_name);
if (false !== $third_party_extension) {
return $third_party_extension;
}
return '';
}
function is_valid_path_extension($path, $extensionPath) {
// It must be under the extension path.
$real_ext_path = realpath($extensionPath);
@ -71,7 +93,7 @@ if (empty(SUPPORTED_TYPES[$file_type])) {
sendBadRequestResponse('File type is not supported.');
}
$absolute_filename = realpath(EXTENSIONS_PATH . '/' . $file_name);
$absolute_filename = get_absolute_filename($file_name);
if (!is_valid_path($absolute_filename)) {
sendBadRequestResponse('File is not supported.');
}

Write Preview
Loading…
Cancel
Save