diff options
Diffstat (limited to 'it.class')
| -rw-r--r-- | it.class | 37 |
1 files changed, 36 insertions, 1 deletions
@@ -1070,7 +1070,7 @@ static function add_dir($path) */ static function file_get($filename, $p = array()) { - if (($data = file_get_contents($filename == "-" ? "php://stdin" : $filename)) !== false) + if (($data = it::file_get_contents($filename == "-" ? "php://stdin" : $filename)) !== false) { if ($p['keyval']) { @@ -1099,6 +1099,8 @@ static function file_get($filename, $p = array()) */ static function file_put($filename, $data, $p = array()) { + $filename = it::safe_filename($filename); + if ($p['keyval']) $data = join("", it::map('"$k\t$v\n"', $data)); else if ($p['lines']) @@ -1168,4 +1170,37 @@ static function mod($a, $n) return (($a % $n) + $n) % $n; } +static function safe_filename($filename) +{ + if (it::match("\./", $filename)) + it::error(['to' => "mueller", 'title' => "fishy filename $filename"]); + + return $filename; +} + +static function file_get_contents($filename, $use_include_path = false, $context = null, $offset = 0) +{ + return file_get_contents(it::safe_filename($filename), $use_include_path, $context, $offset); +} + +static function file_put_contents($filename, $data, $flags = 0, $resource = null) +{ + return file_put_contents(it::safe_filename($filename), $data, $flags, $resource); +} + +static function fopen($filename, $mode, $use_include_path = false, $context = null) +{ + return fopen(it::safe_filename($filename), $mode, $use_include_path, $context); +} + +static function file($filename, $flags = 0, $context = null) +{ + return file(it::safe_filename($filename), $flags, $context); +} + +static function readfile($filename, $use_include_path = false, $context = null) +{ + return readfile(it::safe_filename($filename), $use_include_path, $context); +} + } |