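/**
 * Decides whether a single file system entry passes the connector's
 * access-control and naming checks.
 *
 * The checks run in this order and the first failure returns false:
 *  1. the ACL mask of the containing folder must grant FILE_VIEW,
 *  2. for a directory entry, its own name must be a valid, non-hidden folder,
 *  3. the containing folder path must be a valid folder path,
 *  4. neither the containing path nor the entry name may be hidden,
 *  5. the entry name must have an allowed extension and be a valid file name.
 *
 * @param SplFileInfo $file entry to check
 * @access protected
 * @return bool true when every check passes, false otherwise
 */
protected function checkOneFile($file)
{
    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
    $_aclConfig = $this->_config->getAccessControlConfig();

    // Normalise separators so the comparison below does not depend on the platform.
    $directory = str_replace('\\', '/', $resourceTypeInfo->getDirectory());

    $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($file->getFilename());
    if ($this->_config->forceAscii()) {
        $fileName = QFinder_Connector_Utils_FileSystem::convertToAscii($fileName);
    }

    $pathName = str_replace('\\', '/', pathinfo($file->getPathname(), PATHINFO_DIRNAME));
    $pathName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($pathName);

    // Folder path relative to the resource-type directory, used for the ACL lookup.
    // Only a leading occurrence of the directory is removed: str_ireplace() removed
    // every occurrence, so a folder path that repeated the base directory string
    // further down was collapsed and evaluated against another folder's ACL entry.
    // The comparison stays case-insensitive, as before.
    // NOTE(review): $directory is not passed through convertToFilesystemEncoding()
    // while $pathName is - confirm both use the same encoding, otherwise the prefix
    // is not stripped (this was already the case before this change).
    $folderPath = $pathName;
    $directoryLength = strlen($directory);
    if ($directoryLength > 0 && strncasecmp($pathName, $directory, $directoryLength) === 0) {
        // The cast keeps an empty string where older PHP versions return false
        // for an offset equal to the string length.
        $folderPath = (string) substr($pathName, $directoryLength);
    }

    // acl
    $aclMask = $_aclConfig->getComputedMask($this->_currentFolder->getResourceTypeName(), $folderPath);
    $isAuthorized = ($aclMask & QFINDER_CONNECTOR_ACL_FILE_VIEW) == QFINDER_CONNECTOR_ACL_FILE_VIEW;
    if (!$isAuthorized) {
        return false;
    }

    // if it is a folder fileName represents the dir
    if ($file->isDir()
        && (!QFinder_Connector_Utils_FileSystem::checkFolderPath($fileName)
            || $resourceTypeInfo->checkIsHiddenPath($fileName))
    ) {
        return false;
    }

    // folder name
    if (!QFinder_Connector_Utils_FileSystem::checkFolderPath($pathName)) {
        return false;
    }

    // is hidden
    if ($resourceTypeInfo->checkIsHiddenPath($pathName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
        return false;
    }

    // extension (as written, this check also runs for directory entries)
    if (!$resourceTypeInfo->checkExtension($fileName)
        || !QFinder_Connector_Utils_FileSystem::checkFileName($fileName)
    ) {
        return false;
    }

    return true;
}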