mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
Merge pull request #6565 from open-sausages/pulls/4.0/safe-root
BUG Ensure root path of any local adapter is safely created and mapped from symlink
This commit is contained in:
commit
b4fc46d63e
@ -5,6 +5,7 @@ namespace SilverStripe\Assets\Flysystem;
|
||||
use League\Flysystem\Adapter\Local;
|
||||
use League\Flysystem\Config as FlysystemConfig;
|
||||
use SilverStripe\Assets\File;
|
||||
use SilverStripe\Assets\Filesystem;
|
||||
use SilverStripe\Core\Config\Config;
|
||||
use SilverStripe\ORM\ArrayList;
|
||||
use SilverStripe\View\ArrayData;
|
||||
@ -43,8 +44,10 @@ class AssetAdapter extends Local
|
||||
|
||||
public function __construct($root = null, $writeFlags = LOCK_EX, $linkHandling = self::DISALLOW_LINKS)
|
||||
{
|
||||
// Get root path
|
||||
// Get root path, and ensure that this exists and is safe
|
||||
$root = $this->findRoot($root);
|
||||
Filesystem::makeFolder($root);
|
||||
$root = realpath($root);
|
||||
|
||||
// Override permissions with config
|
||||
$permissions = Config::inst()->get(get_class($this), 'file_permissions');
|
||||
|
@ -7,6 +7,13 @@ use SilverStripe\Control\Director;
|
||||
|
||||
class PublicAssetAdapter extends AssetAdapter implements PublicAdapter
|
||||
{
|
||||
/**
|
||||
* Prefix between the root url and base of the assets folder
|
||||
* Used for generating public urls
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $parentUrlPrefix = null;
|
||||
|
||||
/**
|
||||
* Server specific configuration necessary to block http traffic to a local folder
|
||||
@ -26,11 +33,18 @@ class PublicAssetAdapter extends AssetAdapter implements PublicAdapter
|
||||
protected function findRoot($root)
|
||||
{
|
||||
if ($root) {
|
||||
return parent::findRoot($root);
|
||||
$path = parent::findRoot($root);
|
||||
} else {
|
||||
$path = ASSETS_PATH;
|
||||
}
|
||||
|
||||
// Empty root will set the path to assets
|
||||
return ASSETS_PATH;
|
||||
// Detect segment between root directory and assets root
|
||||
if (stripos($path, BASE_PATH) === 0) {
|
||||
$this->parentUrlPrefix = substr($path, strlen(BASE_PATH));
|
||||
} else {
|
||||
$this->parentUrlPrefix = ASSETS_DIR;
|
||||
}
|
||||
return $path;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -41,15 +55,6 @@ class PublicAssetAdapter extends AssetAdapter implements PublicAdapter
|
||||
*/
|
||||
public function getPublicUrl($path)
|
||||
{
|
||||
$rootPath = realpath(BASE_PATH);
|
||||
$filesPath = realpath($this->pathPrefix);
|
||||
|
||||
if (stripos($filesPath, $rootPath) === 0) {
|
||||
$dir = substr($filesPath, strlen($rootPath));
|
||||
return Controller::join_links(Director::baseURL(), $dir, $path);
|
||||
}
|
||||
|
||||
// File outside of webroot can't be used
|
||||
return null;
|
||||
return Controller::join_links(Director::baseURL(), $this->parentUrlPrefix, $path);
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user