From aaac9b3173fcc00c555d6c10f37cdcdd8a9091ea Mon Sep 17 00:00:00 2001 From: Sergii Ivashchenko Date: Thu, 27 Feb 2020 15:10:37 +0000 Subject: [PATCH] Fixed directory isExists method handling of relative paths with double-dots --- .../Framework/Filesystem/Directory/ReadTest.php | 14 ++++++++++---- .../Framework/Filesystem/Directory/Read.php | 14 ++++++++------ 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/dev/tests/integration/testsuite/Magento/Framework/Filesystem/Directory/ReadTest.php b/dev/tests/integration/testsuite/Magento/Framework/Filesystem/Directory/ReadTest.php index bc77eeb932c9a..e04063eabc36b 100644 --- a/dev/tests/integration/testsuite/Magento/Framework/Filesystem/Directory/ReadTest.php +++ b/dev/tests/integration/testsuite/Magento/Framework/Filesystem/Directory/ReadTest.php @@ -73,17 +73,17 @@ public function testGetRelativePathOutside() $exceptions = 0; $dir = $this->getDirectoryInstance('foo'); try { - $dir->getRelativePath(__DIR__ .'/ReadTest.php'); + $dir->getRelativePath(__DIR__ . '/ReadTest.php'); } catch (ValidatorException $exception) { $exceptions++; } try { - $dir->getRelativePath(__DIR__ .'//./..////Directory/ReadTest.php'); + $dir->getRelativePath(__DIR__ . '//./..////Directory/ReadTest.php'); } catch (ValidatorException $exception) { $exceptions++; } try { - $dir->getRelativePath(__DIR__ .'\..\Directory\ReadTest.php'); + $dir->getRelativePath(__DIR__ . '\..\Directory\ReadTest.php'); } catch (ValidatorException $exception) { $exceptions++; } @@ -222,7 +222,13 @@ public function testIsExist($dirPath, $path, $exists) */ public function existsProvider() { - return [['foo', 'bar', true], ['foo', 'bar/baz/', true], ['foo', 'bar/notexists', false]]; + return [ + ['foo', 'bar', true], + ['foo', 'bar/baz/', true], + ['foo', 'bar/notexists', false], + ['foo', 'foo/../bar/', true], + ['foo', 'foo/../notexists/', false] + ]; } public function testIsExistOutside() diff --git a/lib/internal/Magento/Framework/Filesystem/Directory/Read.php b/lib/internal/Magento/Framework/Filesystem/Directory/Read.php index a3a4cec59953f..e23eadd57d866 100644 --- a/lib/internal/Magento/Framework/Filesystem/Directory/Read.php +++ b/lib/internal/Magento/Framework/Filesystem/Directory/Read.php @@ -9,6 +9,7 @@ use Magento\Framework\Exception\ValidatorException; /** + * Filesystem directory instance for read operations * @api */ class Read implements ReadInterface @@ -40,8 +41,6 @@ class Read implements ReadInterface private $pathValidator; /** - * Constructor. Set properties. - * * @param \Magento\Framework\Filesystem\File\ReadFactory $fileFactory * @param \Magento\Framework\Filesystem\DriverInterface $driver * @param string $path @@ -60,6 +59,8 @@ public function __construct( } /** + * Validate the path is correct and within the directory + * * @param null|string $path * @param null|string $scheme * @param bool $absolutePath @@ -96,8 +97,7 @@ protected function setPath($path) } /** - * Retrieves absolute path - * E.g.: /var/www/application/file.txt + * Retrieves absolute path i.e. /var/www/application/file.txt * * @param string $path * @param string $scheme @@ -151,7 +151,7 @@ public function read($path = null) /** * Read recursively * - * @param null $path + * @param string|null $path * @throws ValidatorException * @return string[] */ @@ -207,7 +207,9 @@ public function isExist($path = null) { $this->validatePath($path); - return $this->driver->isExists($this->driver->getAbsolutePath($this->path, $path)); + return $this->driver->isExists( + $this->driver->getRealPathSafety($this->driver->getAbsolutePath($this->path, $path)) + ); } /**