public function testNoTranverseOutsideRoot() { $top_level = false; //in this case, it it top level directory - cannot be tranverse back if (strcmp(realpath(BROWSE_URL . '..'), realpath(BROWSE_URL)) === 0) { $top_level = true; } $this->assertFalse(!$top_level && FileBrowser::getFolderContent('..')); //pick random file outside root scope and try to download //NOTE: this test only go one level higher for now $iterator = new DirectoryIterator(BROWSE_URL . '..'); foreach ($iterator as $fileInfo) { if ($fileInfo->isFile() === true) { $this->assertFalse(!$top_level && FileBrowser::fileDownload($fileInfo->getPathname(), true)); break; } } }
<?php require_once 'FileBrowser.class.php'; $path = filter_input(INPUT_GET, 'path'); FileBrowser::fileDownload($path);