From 0c6d9a4be06830131bd9c92f467fca3602954aba Mon Sep 17 00:00:00 2001 From: Paul Coudeville Date: Tue, 23 Jan 2024 17:51:10 +0100 Subject: [PATCH 1/2] fix(upload): allow pathFormattedFromString for string ending with directory separator --- classes/HelperBuilder.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/classes/HelperBuilder.php b/classes/HelperBuilder.php index e125d753..6652d372 100644 --- a/classes/HelperBuilder.php +++ b/classes/HelperBuilder.php @@ -40,6 +40,10 @@ public static function pathFormattedFromString($path, $rtrim = false) throw new Exception('Path "' . $path . '" should begin by $ ex: "$/prettyblocks/path/to/images/"'); } $pathFormatted = str_replace('$', _PS_ROOT_DIR_, $path); + + if (substr($pathFormatted, -1) === '/') { + $pathFormatted = substr($pathFormatted, 0, -1); + } $path = realpath($pathFormatted) . '/'; if ($rtrim) { $path = rtrim($path, '/'); From 28d665be495bb79f1131183eab6c54dd45fdb4b3 Mon Sep 17 00:00:00 2001 From: Paul Coudeville Date: Tue, 23 Jan 2024 17:56:00 +0100 Subject: [PATCH 2/2] fix(HelperBuilder): invalid index accesses can no longer occur --- classes/HelperBuilder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/HelperBuilder.php b/classes/HelperBuilder.php index 6652d372..55963f3e 100644 --- a/classes/HelperBuilder.php +++ b/classes/HelperBuilder.php @@ -36,7 +36,7 @@ public static function pathFormattedFromString($path, $rtrim = false) if (strpos($path, '..') !== false) { throw new Exception('Invalid path'); } - if (substr($path, 0, 1) !== '$') { + if ($path[0] !== '$') { throw new Exception('Path "' . $path . '" should begin by $ ex: "$/prettyblocks/path/to/images/"'); } $pathFormatted = str_replace('$', _PS_ROOT_DIR_, $path);