diff --git a/Log/FileLogger.php b/Log/FileLogger.php
index 0539a72ca..760eec463 100644
--- a/Log/FileLogger.php
+++ b/Log/FileLogger.php
@@ -19,6 +19,7 @@ use phpOMS\Datatypes\Exception\InvalidEnumValue;
 use phpOMS\Message\Http\Rest;
 use phpOMS\Message\RequestMethod;
 use phpOMS\System\FilePathException;
+use phpOMS\Validation\Validator;
 /**
 * Logging class.
@@ -92,7 +93,7 @@ class FileLogger implements LoggerInterface
 $path = realpath($lpath);
- if (strpos($path, ROOT_PATH) === false) {
+ if ($path === false || Validator::startsWith($path, ROOT_PATH) === false) {
 throw new FilePathException($lpath);
 }
diff --git a/Version/Version.php b/Version/Version.php
index 4c57f9a12..06ef3679b 100644
--- a/Version/Version.php
+++ b/Version/Version.php
@@ -15,6 +15,7 @@
 */
 namespace phpOMS\Version;
 use phpOMS\System\FilePathException;
+use phpOMS\Validation\Validator;
 /**
 * Version class.
@@ -75,7 +76,7 @@ class Version
 {
 $path = realpath($jpath);
- if(strpos($path, ROOT_PATH) === false || strpos($path, 'config.php') !== false) {
+ if($path === false || Validator::startsWith($path, ROOT_PATH) === false || strpos($path, 'config.php') !== false) {
 throw new FilePathException($jpath);
 }
diff --git a/Views/View.php b/Views/View.php
index 5a00777a8..8f31a2e3f 100644
--- a/Views/View.php
+++ b/Views/View.php
@@ -21,6 +21,7 @@ use phpOMS\Localization\Localization;
 use phpOMS\Message\RequestAbstract;
 use phpOMS\Message\ResponseAbstract;
 use phpOMS\System\FilePathException;
+use phpOMS\Validation\Validator;
 /**
 * List view.
@@ -281,7 +282,7 @@ class View implements RenderableInterface
 $this->l11n->setLang($this->app->l11nManager->getLanguage($this->response->getL11n()->getLanguage()));
 $path = realpath($oldPath = __DIR__ . '/../..' . $this->template . '.tpl.php');
- if (strpos($path, ROOT_PATH) === false) {
+ if ($path === false || Validator::startsWith($path, ROOT_PATH) === false) {
 throw new FilePathException($oldPath);
 }
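Review bot: The new containment test in `Log/FileLogger.php` is a bare string-prefix match on `ROOT_PATH`, so if that constant has no trailing directory separator (its definition is not in this diff) a sibling directory whose name merely begins with the same characters would still pass. Anchoring the comparison on a separator closes that gap, e.g. `$root = rtrim(ROOT_PATH, '/\\') . DIRECTORY_SEPARATOR;` followed by `if ($path === false || strncmp($path, $root, strlen($root)) !== 0) {`; `ROOT_PATH` should itself be a canonical path, since `realpath()` resolves symlinks on the other side of the comparison. The same prefix test is added in the `Version/Version.php` and `Views/View.php` hunks. `Validator::startsWith` is not shown here either, and the strict `=== false` only rejects when it returns a real boolean, so its return type is worth confirming. The enclosing method starts and ends outside the hunk.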
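Review bot: The `strpos($path, 'config.php') !== false` clause carried over onto the new line in `Version/Version.php` is a case-sensitive substring deny-list: it names a single file, also rejects any unrelated path that happens to contain that string, and leaves every other file under `ROOT_PATH` acceptable to this method. If the method is only meant to read one kind of file (the `$jpath` name suggests JSON, but the rest of the method is outside the hunk), an allow-list is the tighter check, for example adding `|| strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'json'` to the condition. If the deny-list has to stay, `basename($path) === 'config.php'` at least states the intent exactly.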
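Review bot: In `Views/View.php` containment is checked against the whole of `ROOT_PATH`, so any `*.tpl.php` file anywhere under the root is accepted as a template rather than only files in a designated template directory. Whether `$this->template` can carry caller-influenced input is not visible in this hunk; if it can, comparing `$path` against a narrower, separator-terminated base directory limits what can be rendered. A short comment above the check would also help the next reader: `// realpath() returns false for a missing file; reject it before the prefix test`. The enclosing method begins and ends outside the hunk.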