Merge pull request #462 from kanarip/dev/directory-traversal

Fix directory traversal issue
swooletw · Jan 21, 2021 · 41fe378 · 41fe378
2 parents 87aebd3 + 96a93e9
commit 41fe378
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/src/Transformers/Request.php b/src/Transformers/Request.php
@@ -183,12 +183,20 @@ public static function handleStatic($swooleRequest, $swooleResponse, string $pub
     {
         $uri = $swooleRequest->server['request_uri'] ?? '';
         $extension = strtok(pathinfo($uri, PATHINFO_EXTENSION), '?');
-        $fileName = $publicPath . $uri;
+        $fileName = @realpath($publicPath . $uri);
+
+        if (!$fileName) {
+            return false;
+        }
 
         if ($extension && in_array($extension, static::EXTENSION_BLACKLIST)) {
             return false;
         }
 
+        if (substr($fileName, 0, strlen($publicPath)) != $publicPath) {
+            return false;
+        }
+
         if (! is_file($fileName) || ! filesize($fileName)) {
             return false;
         }