function filebrowser_safe_folder in Filebrowser 5

Convert Windows path values to use slashes, prevent slashes used repeatedly, and try to catch and eliminate path walkback attempts. Also prevent access to version control system folders.

1 call to filebrowser_safe_folder()
filebrowser_get_list in ./filebrowser.module
Returns a list of files in a subfolder under the admin-specified filebrowser root. File system details (size, last modification) are added, plus a metafile is parsed to gather more information, if available.

File

./filebrowser.module, line 349

Code

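function filebrowser_safe_folder($subfolder) {
  // Build the full path from the admin-configured root and the requested subfolder.
  $folder = variable_get('filebrowser_root', '') . "/{$subfolder}";
  // Apply the replacements repeatedly until the string stops changing, so a
  // removal that splices together a new blocked sequence is caught on the next pass.
  while (TRUE) {
    // Search strings are processed in order: backslashes become "/", then
    // "../", "/.svn", "/CVS" and any remaining ".." are deleted.
    $safer = str_replace(array(
      "\\",
      "../",
      "/.svn",
      "/CVS",
      "..",
    ), array(
      "/",
      "",
      "",
      "",
      "",
    ), $folder);
    if ($safer !== $folder) {
      $folder = $safer;
    }
    else {
      break;
    }
  }
  // Trim leading and trailing slashes (the pattern only matches when at least
  // three characters remain between them).
  $folder = preg_replace("!^/*([^/].+[^/])/*\$!", "\\1", $folder);
  // Collapse runs of slashes into a single slash.
  return preg_replace("!/+!", "/", $folder);
}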
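
A filesystem-level containment check that can run on the path returned by a string filter such as the function above, shown as an added example and not Filebrowser code: it canonicalizes with realpath() and compares the result against the root, which also accounts for symlinks that string replacement never inspects. The helper name example_path_in_root() and the temporary sample tree are assumptions made up for illustration, and the symlink() call assumes a POSIX system.

```php
<?php
// Added example, not part of filebrowser.module.
// example_path_in_root() is a hypothetical helper name.

/**
 * Returns the canonical path of $candidate if it resolves inside $root,
 * or FALSE if it does not exist or resolves outside the root.
 */
function example_path_in_root($root, $candidate) {
  $real_root = realpath($root);
  $real_path = realpath($candidate);
  if ($real_root === FALSE || $real_path === FALSE) {
    return FALSE;
  }
  // Compare with a trailing separator so "/srv/files-old" never matches "/srv/files".
  $prefix = rtrim($real_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
  if ($real_path === $real_root || strpos($real_path, $prefix) === 0) {
    return $real_path;
  }
  return FALSE;
}

// Constructed sample tree under the system temp directory.
$base = sys_get_temp_dir() . '/fb_example_' . getmypid();
mkdir("$base/root/docs", 0700, TRUE);
mkdir("$base/outside", 0700, TRUE);
symlink("$base/outside", "$base/root/link");  // symlink that leaves the root

$samples = array(
  "$base/root/docs",        // plain subfolder
  "$base/root/docs/..",     // resolves to the root itself
  "$base/root/../outside",  // walkback out of the root
  "$base/root/link",        // no ".." in the string, target is outside
  "$base/root/missing",     // does not exist
);
foreach ($samples as $path) {
  $ok = example_path_in_root("$base/root", $path) !== FALSE;
  printf("%-24s %s\n", substr($path, strlen($base)), $ok ? 'allowed' : 'rejected');
}

// Remove the sample tree again.
unlink("$base/root/link");
rmdir("$base/root/docs");
rmdir("$base/root");
rmdir("$base/outside");
rmdir($base);
```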