More secure path validation

Log/FileLogger.php

@@ -19,6 +19,7 @@ use phpOMS\Datatypes\Exception\InvalidEnumValue;
 use phpOMS\Message\Http\Rest;
 use phpOMS\Message\RequestMethod;
 use phpOMS\System\FilePathException;
+use phpOMS\Validation\Validator;
 
 /**
  * Logging class.
@@ -92,7 +93,7 @@ class FileLogger implements LoggerInterface
 
         $path = realpath($lpath);
 
-        if (strpos($path, ROOT_PATH) === false) {
+        if ($path === false || Validator::startsWith($path, ROOT_PATH) === false) {
             throw new FilePathException($lpath);
         }
 

Version/Version.php

@@ -15,6 +15,7 @@
  */
 namespace phpOMS\Version;
 use phpOMS\System\FilePathException;
+use phpOMS\Validation\Validator;
 
 /**
  * Version class.
@@ -75,7 +76,7 @@ class Version
     {
         $path = realpath($jpath);
 
-        if(strpos($path, ROOT_PATH) === false || strpos($path, 'config.php') !== false) {
+        if($path === false || Validator::startsWith($path, ROOT_PATH) === false || strpos($path, 'config.php') !== false) {
             throw new FilePathException($jpath);
         }
 

Views/View.php

@@ -21,6 +21,7 @@ use phpOMS\Localization\Localization;
 use phpOMS\Message\RequestAbstract;
 use phpOMS\Message\ResponseAbstract;
 use phpOMS\System\FilePathException;
+use phpOMS\Validation\Validator;
 
 /**
  * List view.
@@ -281,7 +282,7 @@ class View implements RenderableInterface
         $this->l11n->setLang($this->app->l11nManager->getLanguage($this->response->getL11n()->getLanguage()));
         $path = realpath($oldPath = __DIR__ . '/../..' . $this->template . '.tpl.php');
 
-        if (strpos($path, ROOT_PATH) === false) {
+        if ($path === false || Validator::startsWith($path, ROOT_PATH) === false) {
             throw new FilePathException($oldPath);
         }