public function testNoTranverseOutsideRoot()
{
$top_level = false;
//in this case, it it top level directory - cannot be tranverse back
if (strcmp(realpath(BROWSE_URL . '..'), realpath(BROWSE_URL)) === 0) {
$top_level = true;
}
$this->assertFalse(!$top_level && FileBrowser::getFolderContent('..'));
//pick random file outside root scope and try to download
//NOTE: this test only go one level higher for now
$iterator = new DirectoryIterator(BROWSE_URL . '..');
foreach ($iterator as $fileInfo) {
if ($fileInfo->isFile() === true) {
$this->assertFalse(!$top_level && FileBrowser::fileDownload($fileInfo->getPathname(), true));
break;
}
}
}
<?php require_once 'FileBrowser.class.php'; $path = filter_input(INPUT_GET, 'path'); FileBrowser::fileDownload($path);
