Exemple #1
 /**
  * Runs one data-provider case against FileUtil::isBasePath().
  *
  * @dataProvider isBasePathDataProvider
  *
  * @param mixed $basepath Passed as the second argument of FileUtil::isBasePath().
  * @param mixed $path     Passed as the first argument of FileUtil::isBasePath().
  * @param mixed $assert   Truthy when the call is expected to return true, falsy when it is expected to return false.
  */
 public function testIsBasePath($basepath, $path, $assert)
 {
     // Evaluate once, then pick the assertion that matches the expected outcome.
     $actual = FileUtil::isBasePath($path, $basepath);

     if (!$assert) {
         $this->assertFalse($actual);

         return;
     }

     $this->assertTrue($actual);
 }
Exemple #2
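 /**
  * Serves a static file from below the webroot, or delegates to handleNotFound().
  *
  * The request URI is attacker-controlled. The request is answered via handleNotFound()
  * when the URI contains null bytes, when its path matches an excluded extension, names a
  * dotfile or is flagged as a possible path traversal, or when the resulting path is not a
  * readable regular file. Only after those checks is the file read and returned.
  *
  * {@inheritdoc}
  *
  * @param Request $request The incoming request; only its request URI is inspected here.
  * @param int     $type    Not read by this implementation.
  * @param bool    $catch   Not read by this implementation.
  *
  * @return mixed A Response carrying the file contents, or whatever handleNotFound() returns.
  */
 public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = true)
 {
     $uri = $request->getRequestUri();

     // Reject null bytes first, before the URI reaches any other helper or filesystem call.
     if (UrlUtil::containsNullBytes($uri)) {
         $this->logger->notice('null-byte found!', ['uri' => $uri]);
         return $this->handleNotFound($request);
     }

     // Work on the path only; the query string plays no part in file lookup.
     $path = UrlUtil::getPathFromUri($uri);

     // Excluded extensions are never served (trailing slashes are ignored for the match).
     if (FileUtil::matchExt(rtrim($path, '/'), $this->excludeExt)) {
         $this->logger->debug('file extension is excluded!', ['uri' => $uri, 'exclude' => $this->excludeExt]);
         return $this->handleNotFound($request);
     }

     // Dotfiles are never served.
     if (FileUtil::containsDotfile($path)) {
         $this->logger->debug('wont handle dotfiles!', ['uri' => $uri]);
         return $this->handleNotFound($request);
     }

     // Refuse anything that looks like an attempt to leave the webroot.
     if (UrlUtil::isPossiblePathTraversalAttack($path)) {
         $this->logger->notice('possible traversal attack!', ['uri' => $uri]);
         return $this->handleNotFound($request);
     }

     // The same $path string that passed the checks above is the one joined to the webroot.
     $fullpath = $this->webroot . $path;

     // NOTE(review): every check above inspects the URL path string; none resolves the path
     // on disk. If symlinks can exist below the webroot, compare realpath($fullpath) with the
     // resolved webroot before reading - TODO confirm whether FileUtil::isBasePath() is meant
     // for this.
     if (is_file($fullpath) && is_readable($fullpath)) {
         $content = file_get_contents($fullpath);

         // The file can disappear or become unreadable between the check and the read;
         // file_get_contents() then returns false, which must not be handed to Response.
         if ($content === false) {
             $this->logger->notice('could not read file', ['uri' => $uri, 'fullpath' => $fullpath]);
             return $this->handleNotFound($request);
         }

         // NOTE(review): the type is a guess; consider also sending
         // "X-Content-Type-Options: nosniff" so browsers do not override it.
         $contentType = FileUtil::guessMimeType($fullpath);
         $response = new Response($content, Response::HTTP_OK, ['Content-type' => $contentType]);
         $this->logger->debug('delivering file', ['uri' => $uri, 'fullpath' => $fullpath, 'mime' => $contentType]);
         return $response;
     }

     return $this->handleNotFound($request);
 }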