BUG Ensure root path of any local adapter is safely created and mapped from symlink

Fixes https://github.com/silverstripe/silverstripe-asset-admin/issues/362
Damian Mooyman 2017-01-25 11:51:38 +13:00
parent 0c149b9386
commit 5d6c90361c
No known key found for this signature in database
GPG Key ID: 78B823A10DE27D1A
2 changed files with 22 additions and 14 deletions


@ -5,6 +5,7 @@ namespace SilverStripe\Assets\Flysystem;
use League\Flysystem\Adapter\Local; use League\Flysystem\Adapter\Local;
use League\Flysystem\Config as FlysystemConfig; use League\Flysystem\Config as FlysystemConfig;
use SilverStripe\Assets\File; use SilverStripe\Assets\File;
use SilverStripe\Assets\Filesystem;
use SilverStripe\Core\Config\Config; use SilverStripe\Core\Config\Config;
use SilverStripe\ORM\ArrayList; use SilverStripe\ORM\ArrayList;
use SilverStripe\View\ArrayData; use SilverStripe\View\ArrayData;
@ -43,8 +44,10 @@ class AssetAdapter extends Local
public function __construct($root = null, $writeFlags = LOCK_EX, $linkHandling = self::DISALLOW_LINKS) public function __construct($root = null, $writeFlags = LOCK_EX, $linkHandling = self::DISALLOW_LINKS)
{ {
// Get root path // Get root path, and ensure that this exists and is safe
$root = $this->findRoot($root); $root = $this->findRoot($root);
Filesystem::makeFolder($root);
$root = realpath($root);
// Override permissions with config // Override permissions with config
$permissions = Config::inst()->get(get_class($this), 'file_permissions'); $permissions = Config::inst()->get(get_class($this), 'file_permissions');
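Review bot: The new `$root = realpath($root);` in `__construct` is used without checking for `false`, which `realpath()` returns when the path cannot be resolved, for example if `Filesystem::makeFolder($root)` was unable to create the directory. A `false` root would presumably be coerced to an empty string by the parent adapter, so file operations could end up rooted relative to the working directory rather than the assets folder. I would fail closed here: `$resolved = realpath($root); if ($resolved === false) { throw new \RuntimeException("Asset root '{$root}' could not be created or resolved"); } $root = $resolved;`. The constructor body continues outside the hunk.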


@ -7,6 +7,13 @@ use SilverStripe\Control\Director;
class PublicAssetAdapter extends AssetAdapter implements PublicAdapter class PublicAssetAdapter extends AssetAdapter implements PublicAdapter
{ {
/**
* Prefix between the root url and base of the assets folder
* Used for generating public urls
*
* @var string
*/
protected $parentUrlPrefix = null;
/** /**
* Server specific configuration necessary to block http traffic to a local folder * Server specific configuration necessary to block http traffic to a local folder
@ -26,11 +33,18 @@ class PublicAssetAdapter extends AssetAdapter implements PublicAdapter
protected function findRoot($root) protected function findRoot($root)
{ {
if ($root) { if ($root) {
return parent::findRoot($root); $path = parent::findRoot($root);
} else {
$path = ASSETS_PATH;
} }
// Empty root will set the path to assets // Detect segment between root directory and assets root
return ASSETS_PATH; if (stripos($path, BASE_PATH) === 0) {
$this->parentUrlPrefix = substr($path, strlen(BASE_PATH));
} else {
$this->parentUrlPrefix = ASSETS_DIR;
}
return $path;
} }
/** /**
@ -41,15 +55,6 @@ class PublicAssetAdapter extends AssetAdapter implements PublicAdapter
*/ */
public function getPublicUrl($path) public function getPublicUrl($path)
{ {
$rootPath = realpath(BASE_PATH); return Controller::join_links(Director::baseURL(), $this->parentUrlPrefix, $path);
$filesPath = realpath($this->pathPrefix);
if (stripos($filesPath, $rootPath) === 0) {
$dir = substr($filesPath, strlen($rootPath));
return Controller::join_links(Director::baseURL(), $dir, $path);
}
// File outside of webroot can't be used
return null;
} }
} }
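Review bot: The prefix test in `findRoot`, `stripos($path, BASE_PATH) === 0`, has no directory boundary, so a sibling directory whose name merely starts with the base path (a constructed example: base `/var/www/site`, root `/var/www/site-private/assets`) is treated as inside the webroot and produces a URL prefix for it. Anchoring the comparison fixes that: `if ($path === BASE_PATH || stripos($path, BASE_PATH . DIRECTORY_SEPARATOR) === 0) {`. Separately, the removed `getPublicUrl` returned `null` for a store outside the webroot, while the new `else` branch falls back to `ASSETS_DIR`, so a URL is now always emitted. That looks intended for the symlinked-assets case in the linked issue, but for an explicitly configured root outside the webroot the URL may not map to the stored file. A short comment on the `else` branch stating that assumption would help, and the `@var string` on `$parentUrlPrefix` should read `string|null` given the `null` default.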