diff options
| author | Dries Buytaert <dries@buytaert.net> | 2005-05-14 21:05:08 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2005-05-14 21:05:08 +0000 |
| commit | b0c998319031ddbcdbabfc21585c27e149c68b61 (patch) | |
| tree | 4cb57c73a0e7ffce6bcc7b5e6c1a4fed0385a859 /includes | |
| parent | 0c4db413097e1435d0d788a7a1d03e0b7d80296c (diff) | |
| download | brdo-b0c998319031ddbcdbabfc21585c27e149c68b61.tar.gz brdo-b0c998319031ddbcdbabfc21585c27e149c68b61.tar.bz2 | |
- Patch by James/Gerhard: made file_create_path() more robust.
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/file.inc | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/includes/file.inc b/includes/file.inc index 6c29a1725..9740836e7 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -47,19 +47,23 @@ function file_create_url($path) { * * @param $dest Path to verify * @return Path to file with file system directory appended if necessary. + * Returns FALSE if the path is invalid (i.e. outside the configured 'files'-directory). */ function file_create_path($dest = 0) { + $file_path = variable_get('file_directory_path', 'files'); if (!$dest) { - return variable_get('file_directory_path', 'files'); + return $file_path; } - - $regex = (IS_WINDOWS ? '.?:\\\\' : '/'); - if (!file_check_location($dest, variable_get('file_directory_path', 'files')) && !preg_match("|^$regex|", $dest)) { - return variable_get('file_directory_path', 'files') .'/'. trim($dest, '\\/'); - } - else { + // file_check_location() checks whether the destination is inside the Drupal /files directory. + if (file_check_location($dest, $file_path)) { return $dest; } + // Not found, try again with prefixed dirctory path. + else if (file_check_location($file_path . '/' . $dest, $file_path)) { + return $file_path . '/' . $dest; + } + // File not found. + return FALSE; } /** |