Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-21 08:51:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Fix unneeded access outside open_basedir when looking for modules (#28237)

Browse Source 
* FIX: Fix unneeded access outside open_basedir when looking for modules

# FIX: Fix unneeded access outside open_basedir when looking for modules

Change the order in which the if conditions are tested so that an is_dir("dir/..") is avoided
by first testing if the subpath starts with a dot.

Also changed uppercased the first 3 letters of the file before comparing to CVS.

Finally, improved the typing hint and documentation.

The PHPUNIT test failed like this:

```
35) ExportTest::testExportModulesDatasets
is_dir(): open_basedir restriction in effect. File(D:\a\dolibarr\dolibarr\htdocs/..) is not within the allowed path(s): (D:\a\dolibarr\dolibarr\htdocs;D:\a\dolibarr\dolibarr\documents;D:\a\dolibarr\dolibarr\test;D:\a\dolibarr\dolibarr\dev\initdemo;c:\tools\php)

D:\a\dolibarr\dolibarr\htdocs\core\lib\functions2.lib.php:100
D:\a\dolibarr\dolibarr\htdocs\exports\class\export.class.php:119
D:\a\dolibarr\dolibarr\test\phpunit\ExportTest.php:463
```

* Fix spelling
This commit is contained in:
MDW
2024-02-18 15:09:01 +01:00
committed by GitHub
parent bf13b040d7
commit f5dd7d7c93
1 changed files with 17 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
htdocs/core/lib/functions2.lib.php
View File

@@ -6,6 +6,7 @@
* Copyright (C) 2015 Ferran Marcet <fmarcet@2byte.es> * Copyright (C) 2015 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2015-2016 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr> * Copyright (C) 2015-2016 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
* Copyright (C) 2017 Juanjo Menent <jmenent@2byte.es> * Copyright (C) 2017 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@@ -71,11 +72,13 @@ function jsUnEscape($source)
/** /**
* Return list of modules directories. We detect directories that contains a subdirectory /core/modules * Return list of directories that contain modules.
* We discard directory modules that contains 'disabled' into their name.
* *
* @param string $subdir Sub directory (Example: '/mailings') * Detects directories that contain a subdirectory /core/modules.
* @return array Array of directories that can contains module descriptors * Modules that contains 'disabled' in their name are excluded.
*
* @param string $subdir Sub directory (Example: '/mailings' will look for /core/modules/mailings/)
* @return array<string,string> Array of directories that can contain module descriptors ($key==value)
*/ */
function dolGetModulesDirs($subdir = '') function dolGetModulesDirs($subdir = '')
{ {
@@ -97,7 +100,7 @@ function dolGetModulesDirs($subdir = '')
continue; // We discard module if it contains disabled into name. continue; // We discard module if it contains disabled into name.
} }
if (is_dir($dirroot.'/'.$file) && substr($file, 0, 1) != '.' && substr($file, 0, 3) != 'CVS' && $file != 'includes') { if (substr($file, 0, 1) != '.' && is_dir($dirroot.'/'.$file) && strtoupper(substr($file, 0, 3)) != 'CVS' && $file != 'includes') {
if (is_dir($dirroot.'/'.$file.'/core/modules'.$subdir.'/')) { if (is_dir($dirroot.'/'.$file.'/core/modules'.$subdir.'/')) {
$modulesdir[$dirroot.'/'.$file.'/core/modules'.$subdir.'/'] = $dirroot.'/'.$file.'/core/modules'.$subdir.'/'; $modulesdir[$dirroot.'/'.$file.'/core/modules'.$subdir.'/'] = $dirroot.'/'.$file.'/core/modules'.$subdir.'/';
} }