You are here

private function PharExtensionInterceptor::baseFileContainsPharExtension in Drupal 9

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Security/PharExtensionInterceptor.php \Drupal\Core\Security\PharExtensionInterceptor::baseFileContainsPharExtension()
  2. 7 misc/typo3/drupal-security/PharExtensionInterceptor.php \Drupal\Core\Security\PharExtensionInterceptor::baseFileContainsPharExtension()

Determines if a path has a .phar extension or invoked execution.

Parameters

string $path: The path of the phar file to check.

Return value

bool TRUE if the file has a .phar extension or if the execution has been invoked by the phar file.

1 call to PharExtensionInterceptor::baseFileContainsPharExtension()
PharExtensionInterceptor::assert in core/lib/Drupal/Core/Security/PharExtensionInterceptor.php
Determines whether phar file is allowed to execute.

File

core/lib/Drupal/Core/Security/PharExtensionInterceptor.php, line 57

Class

PharExtensionInterceptor
An alternate PharExtensionInterceptor to support phar-based CLI tools.

Namespace

Drupal\Core\Security

Code

private function baseFileContainsPharExtension($path) {
  $baseFile = Helper::determineBaseFile($path);
  if ($baseFile === NULL) {
    return FALSE;
  }

  // If the stream wrapper is registered by invoking a phar file that does
  // not have .phar extension then this should be allowed. For example, some
  // CLI tools recommend removing the extension.
  $backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);

  // Find the last entry in the backtrace containing a 'file' key as
  // sometimes the last caller is executed outside the scope of a file. For
  // example, this occurs with shutdown functions.
  do {
    $caller = array_pop($backtrace);
  } while (empty($caller['file']) && !empty($backtrace));
  if (isset($caller['file']) && $baseFile === Helper::determineBaseFile($caller['file'])) {
    return TRUE;
  }
  $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION);
  return strtolower($fileExtension) === 'phar';
}