Robustness: safer RainTPL directory handling

Relates to shaarli#845 Relates to shaarli#846 Relates to shaarli#909 Signed-off-by: VirtualTam <[email protected]>
virtualtam · Sep 28, 2017 · e4325b1 · e4325b1
1 parent 0cba184
commit e4325b1
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php
@@ -168,14 +168,15 @@ public static function checkPHPVersion($minVersion, $curVersion)
     public static function checkResourcePermissions($conf)
     {
         $errors = array();
+        $rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
 
         // Check script and template directories are readable
         foreach (array(
             'application',
             'inc',
             'plugins',
-            $conf->get('resource.raintpl_tpl'),
-            $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'),
+            $rainTplDir,
+            $rainTplDir.'/'.$conf->get('resource.theme'),
         ) as $path) {
             if (! is_readable(realpath($path))) {
                 $errors[] = '"'.$path.'" directory is not readable';

diff --git a/application/ThemeUtils.php b/application/ThemeUtils.php
@@ -22,6 +22,7 @@ class ThemeUtils
      */
     public static function getThemes($tplDir)
     {
+        $tplDir = rtrim($tplDir, '/');
         $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);
         $themes = [];
         foreach ($allTheme as $value) {