/** * Safe add a trailing slash to a path if not already have it, with safe detection and avoid root access. * * Adding a trailing slash to a path is not a simple task as if path is empty, adding the trailing slash will result in accessing the root file system as will be: /. * Otherwise it have to detect if the trailing slash exists already to avoid double slash. * * @param STRING $y_path :: The path to add the trailing slash to * * @return STRING :: The fixed path with a trailing */ public static function add_dir_last_slash($y_path) { //-- $y_path = (string) trim((string) Smart::fix_path_separator(trim((string) $y_path))); //-- if ((string) $y_path == '' or (string) $y_path == '.' or (string) $y_path == './') { return './'; // this is a mandatory security fix for the cases when used with dirname() which may return empty or just . } //end if //-- if ((string) $y_path == '/' or (string) trim((string) str_replace(['/', '.'], ['', ''], (string) $y_path)) == '' or strpos($y_path, '\\') !== false) { Smart::log_warning('SmartFramework // FileSystemUtils // Add Last Dir Slash: Invalid Path: [' . $y_path . '] ; Returned TMP/INVALID/'); return 'tmp/invalid/'; // Security Fix: avoid make the path as root: / (if the path is empty, adding a trailing slash is a huge security risk) } //end if //-- if (substr($y_path, -1, 1) != '/') { $y_path = $y_path . '/'; } //end if //-- self::raise_error_if_unsafe_path($y_path); //-- return (string) $y_path; //-- }
public static function get_server_current_full_script() { //-- return (string) Smart::fix_path_separator(trim((string) $_SERVER['SCRIPT_NAME'])); // Fix: on Windows it can contain \ instead of / //-- }