From df2e299d55a38bbaa9afda089634b74e2d3c5e53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guillaume=20Perr=C3=A9al?= <guillaume.perreal@irstea.fr>
Date: Mon, 26 Jan 2015 15:04:01 +0100
Subject: [PATCH] =?UTF-8?q?UploadedFile:=20v=C3=A9rifie=20dans=20setPath?=
 =?UTF-8?q?=20que=20$path=20ne=20pointe=20pas=20en=20dehors=20du=20r=C3=A9?=
 =?UTF-8?q?pertoire.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Entity/UploadedFile.php | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/Entity/UploadedFile.php b/Entity/UploadedFile.php
index 223c2b48..70b0e051 100644
--- a/Entity/UploadedFile.php
+++ b/Entity/UploadedFile.php
@@ -151,7 +151,10 @@ class UploadedFile
      */
     public function setPath($path)
     {
-        $this->path = $path;
+        if(!static::isSafePath($path)) {
+            throw new InvalidArgumentException("Unsafe path: $path");
+        }
+        $this->path = trim($path, '/');
 
         return $this;
     }
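Review bot: `InvalidArgumentException` is referenced unqualified on the new throw line; if `Entity/UploadedFile.php` declares a namespace (its header is outside this hunk) and has no `use InvalidArgumentException;`, the name resolves inside that namespace and the rejection path fails with a class-not-found error instead of the intended exception. Either write `throw new \InvalidArgumentException("Unsafe path: $path");` or confirm the import exists at the top of the file. The check also only understands `/` as a separator, so the guard presumably assumes POSIX paths; a comment such as `// Paths are stored with '/' separators; isSafePath() does not consider '\\'.` above the call would make that assumption explicit for future maintainers.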
@@ -495,4 +498,30 @@ class UploadedFile
     {
         return fwrite($filehandle, $maxlen);
     }
+
+    /** Vérifie si
+     *
+     * @param string $path
+     * @return boolean
+     */
+    public static function isSafePath($path)
+    {
+        $parts = explode('/', trim($path, '/'));
+        $level = 0;
+        foreach($parts as $part) {
+            switch($part) {
+                case '.':
+                    break;
+                case '..':
+                    $level--;
+                    if($level < 0) {
+                        return false;
+                    }
+                    break;
+                default:
+                    $level++;
+            }
+        }
+        return true;
+    }
 }
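Review bot: Empty segments produced by consecutive slashes are handled by the `default` branch and increment `$level`, so a path such as `a//..//..` is accepted (levels 1,2,1,2,1) even though the filesystem collapses the extra slashes and resolves it to `..`, i.e. above the base directory. An empty segment should be treated like `.`: add `case '':` immediately before `case '.':` so both fall into the no-op `break`. The docblock is also truncated mid-sentence (`/** Vérifie si`); it should state the contract, e.g. `/** Returns true if $path, taken relative to the base directory, never climbs above it through '..' segments. */`. Note the check only splits on `/`, so backslash-separated input is not examined, which is fine if stored paths are always POSIX-style but worth confirming at the call sites.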
-- 
GitLab