scratch – Diff between revs 48 and 49
Rev 48 | Rev 49 | |||
---|---|---|---|---|
Line 41... | Line 41... | |||
41 | 'sha512', |
41 | 'sha512', |
|
42 | $data |
42 | $data |
|
43 | ) |
43 | ) |
|
44 | ), |
44 | ), |
|
45 | $ASSET_HASH_SIZE |
45 | $ASSET_HASH_SIZE |
|
46 | ). |
46 | ) |
|
47 | '.'. |
- | ||
48 | $fileExtension |
- | ||
49 | ); |
47 | ); |
|
Line 50... | Line 48... | |||
50 | |
48 | |
|
51 | #### Build the user path. |
49 | #### Build the user path. |
|
52 | $userPath = join( |
50 | $userPath = join( |
|
Line 56... | Line 54... | |||
56 | $file |
54 | $file |
|
57 | ) |
55 | ) |
|
58 | ); |
56 | ); |
|
Line 59... | Line 57... | |||
59 | |
57 | |
|
60 | #### Check for path traversals |
58 | #### Check for path traversals |
|
61 | $pathPart = pathinfo($userPath); |
59 | $pathPart = pathinfo($userPath.'.'.$fileExtension); |
|
62 | if (strcasecmp( |
60 | if (strcasecmp( |
|
63 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
61 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
|
Line 64... | Line 62... | |||
64 | return; |
62 | return; |
|
65 | |
63 | |
|
Line 66... | Line 64... | |||
66 | #### Store the file. |
64 | #### Store the file. |
|
67 | atomized_put_contents($userPath, $data); |
65 | atomized_put_contents($userPath.'.'.$fileExtension, $data); |
|
68 | |
66 | |
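Review bot: The traversal check (new lines 59-61) and the write (new line 65) each rebuild `$userPath.'.'.$fileExtension` separately, so the path that is validated and the path that is written can drift apart on a later edit. Build it once, e.g. `$storePath = $userPath.'.'.$fileExtension;`, and pass `$storePath` to both `pathinfo()` and `atomized_put_contents()`. The comparison can also succeed when both `realpath()` calls return `false` (for instance if `$STORE_FOLDER` does not resolve), so testing each result with `=== false` and returning before the `strcasecmp()` would make the check fail closed. Where `$fileExtension` comes from is not visible in these hunks; if it is taken from the request, it presumably needs restricting to an expected set of extensions before it is concatenated. The enclosing function starts and ends outside the lines shown.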