PHP Cross Reference of Joomla 4.2.2 documentation |
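<?php

/**
 * Joomla! Content Management System
 *
 * @copyright  Copyright (C) 2005 - 2020 Open Source Matters, Inc. All rights reserved.
 * @license    GNU General Public License version 2 or later; see LICENSE.txt
 */

namespace Joomla\CMS\Form\Rule;

use Joomla\CMS\Filesystem\Path;
use Joomla\CMS\Form\Form;
use Joomla\CMS\Form\FormRule;
use Joomla\Registry\Registry;

// phpcs:disable PSR1.Files.SideEffects
\defined('JPATH_PLATFORM') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * Form rule that validates a file path submitted relative to the site root.
 *
 * The rule rejects a path whose first segment is empty, is '.', or is listed in the
 * field's pipe-separated `exclude` attribute, and then hands the path (prefixed with
 * JPATH_ROOT) to Path::check(). Only the first segment is compared with the exclude
 * list; deeper segments are left to Path::check().
 *
 * @since  3.9.21
 */
class FilePathRule extends FormRule
{
    /**
     * Method to test if the file path is valid
     *
     * @param   \SimpleXMLElement  $element  The SimpleXMLElement object representing the `<field>` tag for the form field object.
     * @param   mixed              $value    The form field value to validate. Arrays and objects without
     *                                       __toString() are rejected; null is treated as an empty string.
     * @param   string             $group    The field name group control value. This acts as an array container for the field.
     *                                       For example if the field has name="foo" and the group value is set to "bar" then the
     *                                       full field name would end up being "bar[foo]".
     * @param   Registry           $input    An optional Registry object with the entire data set to validate against the entire form.
     * @param   Form               $form     The form object for which the field is being tested.
     *
     * @return  boolean  True if the value is valid, false otherwise.
     *
     * @since   3.9.21
     */
    public function test(\SimpleXMLElement $element, $value, $group = null, Registry $input = null, Form $form = null)
    {
        // The submitted value is typed `mixed`. An array or a non-stringable object can never
        // be a path, so fail validation here rather than passing it to trim(), which would
        // raise a warning or a TypeError depending on the PHP version.
        if (
            $value !== null
            && !\is_scalar($value)
            && !(\is_object($value) && method_exists($value, '__toString'))
        ) {
            return false;
        }

        $value = trim((string) $value);

        // If the field is empty and not required, the field is valid.
        $requiredAttr = (string) $element['required'];
        $required     = ($requiredAttr === 'true' || $requiredAttr === 'required');

        if (!$required && empty($value)) {
            return true;
        }

        // Get the exclude setting from the xml. The first path segment is lower-cased before
        // the comparison below, so lower-case the configured entries as well; otherwise an
        // entry written with capitals in the form XML would never match anything.
        $exclude = array_map('strtolower', explode('|', (string) $element['exclude']));

        // Exclude current folder '.' to be safe from full path disclosure
        $exclude[] = '.';

        // Split on both separators so '\' cannot be used to sidestep the first-segment check.
        $path = preg_split('/[\/\\\\]/', $value);

        // An empty first segment means the value is empty or starts with a separator.
        // Strict comparison keeps numeric-looking folder names from matching loosely.
        if (empty($path[0]) || in_array(strtolower($path[0]), $exclude, true)) {
            return false;
        }

        // Prepend the root path
        $value = JPATH_ROOT . '/' . $value;

        // Check if $value is a valid path, which includes not allowing to break out of the current path
        try {
            Path::check($value);
        } catch (\Exception $e) {
            // When there is an exception in the check path this is not valid
            return false;
        }

        // When there are no exception this rule should pass.
        // See: https://github.com/joomla/joomla-cms/issues/30500#issuecomment-683290162
        return true;
    }
}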