
move function improve to disable ../ in from and to directory

master
filesite 2 years ago
parent
commit
dad269b6e2
  1. 6
      controller/ApiController.php

6
controller/ApiController.php

@ -53,7 +53,7 @@ Class ApiController extends Controller {
$realpath = preg_replace('/\/$/', '', $realpath); $realpath = preg_replace('/\/$/', '', $realpath);
$arr = explode('/', $realpath); $arr = explode('/', $realpath);
if (count($arr) < 2) {return '/';} if (count($arr) < 2 || empty($arr[0])) {return '/';}
array_pop($arr); array_pop($arr);
return implode('/', $arr); return implode('/', $arr);
@ -61,7 +61,7 @@ Class ApiController extends Controller {
//判断父目录是否合法 //判断父目录是否合法
protected function isParentDirectoryValid($parentDir) { protected function isParentDirectoryValid($parentDir) {
if (empty($parentDir) || strpos($parentDir, '../') !== false) { if (empty($parentDir) || strpos($parentDir, '..') !== false) {
return false; return false;
}else if ($realpath == '/') { }else if ($realpath == '/') {
return true; return true;
@ -286,7 +286,7 @@ Class ApiController extends Controller {
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']);
} }
$fromFile = str_replace("{$fromParent}/", '', $fromDir); $fromFile = $this->basename($fromDir);
$toDir = preg_match('/\/$/', $toDir) ? "{$toDir}{$fromFile}" : "{$toDir}/{$fromFile}"; $toDir = preg_match('/\/$/', $toDir) ? "{$toDir}{$fromFile}" : "{$toDir}/{$fromFile}";
} }
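Review bot: The new check `strpos($parentDir, '..') !== false` in isParentDirectoryValid is a substring denylist: it also rejects legitimate names such as `foo..bar`, and it tests the raw bytes rather than where the path resolves, so it should be backed by a canonicalisation step that resolves the joined path and confirms it still lies under the allowed root (e.g. compare `realpath(ROOT_PLACEHOLDER . '/' . $parentDir)` against `realpath(ROOT_PLACEHOLDER)` with `str_starts_with`) before the operation is performed. In the first hunk, `empty($arr[0])` is also true when the first segment is the string `'0'`, so a top-level directory named `0` would be reported as having parent `/`; `$arr[0] === ''` expresses the intended leading-slash test without that surprise. The context line `}else if ($realpath == '/')` in the second hunk references `$realpath`, which appears to be undefined inside a method whose only parameter is `$parentDir` — this predates the commit, but if `$parentDir` was meant, the branch is currently dead and is worth confirming. Both enclosing functions start and end outside their hunks.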
