Refs #11953 Path.php: add function which detects double dot. Function is not in use.

86697ebb · Marc Egger · ad87c16e · 86697ebb · 86697ebb
Commit 86697ebb authored Feb 08, 2021 by Marc Egger
--- a/extension/Classes/Core/Helper/OnString.php
+++ b/extension/Classes/Core/Helper/OnString.php
@@ -288,4 +288,43 @@ class OnString {
        }
        return false;
    }
+
+    /**
+     * Performs a case-sensitive check indicating if haystack begins with needle.
+     * As of PHP 8 you can use str_starts_with() instead.
+     *
+     * @param string $haystack
+     * @param string $needle
+     * @return bool
+     */
+    public static function strStartsWith(string $haystack , string $needle) : bool
+    {
+        return substr_compare($haystack, $needle, 0, strlen($needle)) === 0;
+    }
+
+    /**
+     * Performs a case-sensitive check indicating if haystack ends with needle.
+     * As of PHP 8 you can use str_ends_with() instead.
+     *
+     * @param string $haystack
+     * @param string $needle
+     * @return bool
+     */
+    public static function strEndsWith(string $haystack , string $needle) : bool
+    {
+        return substr_compare($haystack, $needle, -strlen($needle)) === 0;
+    }
+
+    /**
+     * Performs a case-sensitive check indicating if needle is contained in haystack.
+     * As of PHP 8 you can use str_contains() instead.
+     *
+     * @param string $haystack
+     * @param string $needle
+     * @return bool
+     */
+    public static function strContains(string $haystack , string $needle) : bool
+    {
+        return strpos($haystack, $needle) !== false;
+    }
 }
--- a/extension/Classes/Core/Helper/Path.php
+++ b/extension/Classes/Core/Helper/Path.php
@@ -33,7 +33,6 @@ class Path

    // API
    const EXT_TO_API = 'Classes/Api';
-    const API_TO_APP = '../../../../../'; // TODO: make relatvie to ext instead

    // Javascript
    const EXT_TO_JAVASCRIPT = 'Resources/Public/JavaScript';
@@ -530,4 +529,16 @@ EOF;
        }
        return self::join($absolutePath, $pathPartsToAppend);
    }
+
+    /**
+     * Returns true if the given path contains the double dot operator '..'.
+     * File/directory names which contain '..' are not counted.
+     *
+     * @param string $path
+     * @return bool
+     */
+    private static function containsDoubleDot(string $path)
+    {
+        return $path === '..' || OnString::strStartsWith($path, '../') || OnString::strEndsWith($path, '/..' ) || OnString::strContains($path, '/../');
+    }
 }
\ No newline at end of file