authorAntoine Beaupré2011-04-07 19:39:42 (GMT)
committerAntoine Beaupré2011-04-07 19:53:57 (GMT)
commit137ecd9f9f60d2731b4130bb7e2053a263d982cd (patch)
treecbe878922b695933f0de184e2c2c15d1c03b128a /provision.inc
parent84e633b505df86b68823ad12458bfd837999751f (diff)
document _provision_file_check_location()
Diffstat (limited to 'provision.inc')
-rw-r--r--provision.inc18
1 files changed, 18 insertions, 0 deletions
diff --git a/provision.inc b/provision.inc
index 7aed963..4c610f5 100644
--- a/provision.inc
+++ b/provision.inc
@@ -154,6 +154,24 @@ function _provision_recursive_delete($path) {
return $ret;
}
+/**
+ * Convenience copy of Drupal 6's file_check_location()
+ *
+ * Check if a file is really located inside $directory. Should be used to make
+ * sure a file specified is really located within the directory to prevent
+ * exploits.
+ *
+ * @code
+ * // Returns FALSE:
+ * file_check_location('/www/example.com/files/../../../etc/passwd', '/www/example.com/files');
+ * @endcode
+ *
+ * @param $source A string set to the file to check.
+ * @param $directory A string where the file should be located.
+ * @return 0 for invalid path or the real path of the source.
+ *
+ * @see file_check_location()
+ */
function _provision_file_check_location($source, $directory = '') {
$check = realpath($source);
if ($check) {
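Review bot: The docblock gives two different failure values: the `@code` example says `// Returns FALSE:` while `@return` says `0 for invalid path`, and a caller relying on this check to keep a path inside `$directory` needs to know exactly which value to test for. The example also calls `file_check_location()` instead of `_provision_file_check_location()`, so I would write it as `// Returns 0:` followed by a call to the local function name. The signature defaults `$directory` to `''`, but `@param $directory` does not say what an empty value means for the containment check; that should be stated once confirmed against the body, which continues past the end of this hunk. It would also help to note that `$source` is resolved with `realpath()`, so symlinks are followed, and that a path which does not exist yet (where `realpath()` returns FALSE) is handled outside the `if ($check)` branch shown here.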