From 82ff67d50a245c09f9c7c49b2c50f17b7dc06679 Mon Sep 17 00:00:00 2001
From: Urban Müller
Date: Tue, 19 Jun 2018 18:18:27 +0200
Subject: safe variants of php file funcs
---
 it.class | 37 ++++++++++++++++++++++++++++++++++++-
 tests/it.t | 8 ++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/it.class b/it.class
index c601c9c..247b50f 100644
--- a/it.class
+++ b/it.class
@@ -1070,7 +1070,7 @@ static function add_dir($path)
 */
 static function file_get($filename, $p = array())
 {
- if (($data = file_get_contents($filename == "-" ? "php://stdin" : $filename)) !== false)
+ if (($data = it::file_get_contents($filename == "-" ? "php://stdin" : $filename)) !== false)
 {
 if ($p['keyval'])
 {
@@ -1099,6 +1099,8 @@ static function file_get($filename, $p = array())
 */
 static function file_put($filename, $data, $p = array())
 {
+ $filename = it::safe_filename($filename);
+
 if ($p['keyval'])
 $data = join("", it::map('"$k\t$v\n"', $data));
 else if ($p['lines'])
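Review bot: The docblocks that close at the `*/` context line above `file_get` (and above `file_put` in the following hunk) are not updated for the new filename check, so a caller cannot learn from the documentation that a path containing `./` now triggers `it::error`. A line such as `* Filenames containing "./" are reported through it::safe_filename()` in both docblocks would cover it; the docblock bodies themselves lie outside these hunks. The two functions also reach the check by different routes, `file_get` through `it::file_get_contents` and `file_put` by calling `it::safe_filename` directly, and using one route in both would make the policy easier to audit.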
@@ -1168,4 +1170,37 @@ static function mod($a, $n)
 return (($a % $n) + $n) % $n;
 }
 
+static function safe_filename($filename)
+{
+ if (it::match("\./", $filename))
+ it::error(['to' => "mueller", 'title' => "fishy filename $filename"]);
+
+ return $filename;
+}
+
+static function file_get_contents($filename, $use_include_path = false, $context = null, $offset = 0)
+{
+ return file_get_contents(it::safe_filename($filename), $use_include_path, $context, $offset);
+}
+
+static function file_put_contents($filename, $data, $flags = 0, $resource = null)
+{
+ return file_put_contents(it::safe_filename($filename), $data, $flags, $resource);
+}
+
+static function fopen($filename, $mode, $use_include_path = false, $context = null)
+{
+ return fopen(it::safe_filename($filename), $mode, $use_include_path, $context);
+}
+
+static function file($filename, $flags = 0, $context = null)
+{
+ return file(it::safe_filename($filename), $flags, $context);
+}
+
+static function readfile($filename, $use_include_path = false, $context = null)
+{
+ return readfile(it::safe_filename($filename), $use_include_path, $context);
+}
+
 }
diff --git a/tests/it.t b/tests/it.t
index 0da8768..ef3dfdb 100755
--- a/tests/it.t
+++ b/tests/it.t
@@ -465,3 +465,11 @@ is(it::split("b", "ababa", ['limit' => 2]), ["a", "aba"]);
 is(it::split("b", "abbba", ['no_empty' => true]), ["a", "a"]);
 is(it::split("(b)", "aba", ['delim_capture' => true]), ["a", "b", "a"]);
 is(it::split("b", "aabaa", ['offset_capture' => true]), [["aa", 0], ["aa", 3]]);
+
+it::file_put_contents("/tmp/it_test", "aa");
+is(($fh = fopen("/tmp/it_test", "r")) ? fgets($fh) : null, "aa");
+is(it::file_get_contents("/tmp/it_test"), "aa");
+is(it::file("/tmp/it_test"), ["aa"]);
+
+it::file_put("/tmp/it_test", "bb");
+is(it::file_get("/tmp/it_test"), "bb");
-- 
cgit v1.2.3
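Review bot: `safe_filename()` only reports: after `it::error(...)` it still reaches `return $filename;`, so unless `it::error()` terminates the request (not visible in this diff) every wrapper goes on to open the flagged path. If the intent is to block traversal, the branch should fail closed, for example `throw new InvalidArgumentException("fishy filename");` after the report, adapted to the project's error conventions; otherwise the helper's name should not suggest enforcement. Assuming `it::match` treats its first argument as a regex, the pattern `\./` also fires on ordinary relative paths such as `./x` while leaving stream-wrapper prefixes and a trailing `..` unexamined, so it works as a tripwire rather than a validator. A docblock on `safe_filename` saying exactly that (reports, does not reject; checks only for `./`) would keep callers from relying on it for untrusted input.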
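Review bot: The second assertion calls the builtin `fopen("/tmp/it_test", "r")` rather than `it::fopen(...)`, so the new `it::fopen` wrapper is never exercised, and neither is `it::readfile`; `is(($fh = it::fopen("/tmp/it_test", "r")) ? fgets($fh) : null, "aa");` would cover the former. That matters because the wrapper forwards an explicit `$context = null` to `fopen()`, which PHP 7 releases may reject with a warning (to be confirmed on the deployed version). There is also no case with a filename containing `./`, so the one behaviour this commit introduces is untested. The fixed path `/tmp/it_test` in a shared directory can collide with or be pre-created by another local user; a name from `tempnam(sys_get_temp_dir(), "it_test")` avoids that.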