Skip to content
This repository has been archived by the owner on Sep 10, 2024. It is now read-only.

Static resources via symlink no longer work #481

Open
aftabnaveed opened this issue Mar 31, 2021 · 7 comments
Open

Static resources via symlink no longer work #481

aftabnaveed opened this issue Mar 31, 2021 · 7 comments

Comments

@aftabnaveed
Copy link

Make sure you read Issues Guideline and answer these questions before submitting your issue. Thanks!
(Any non-English issues will be closed immediately.)

  1. Please provide your PHP and Swoole version. (php -v and php --ri swoole)

PHP 8.0.3 (cli) (built: Mar 4 2021 05:33:14) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.3, Copyright (c) Zend Technologies

Swoole => enabled
Author => Swoole Team team@swoole.com
Version => 4.6.4
Built => Mar 30 2021 15:39:43

  1. Please provide your Laravel/Lumen version.

Laravel 8.

  1. Which release version of this package are you using?

  2. What did you do? If possible, provide a recipe for reproducing the error.
    Created a Symlink in /public folder and set SWOOLE_HANDLE_STATIC to true in .env

  3. What did you expect to see?
    Expected to be able to see the static file from a symlink

  4. What did you see instead?
    404 Not Found

It looks like the following Merge broke the static resources served via symlink.

96a93e9#diff-5c6e8c22956d54a6193a50ec2c2ca80a8b2be45efa15faa70a2e5f9d0f29d380

 $fileName = @realpath($publicPath . $uri);

The above line in SwooleTW\Http\Transformers\Request now returns the real path of the file, and then on line 196 it compares it against public path which does not match, returns false and hence will not serve the static file.

if (substr($fileName, 0, strlen($publicPath)) != $publicPath) {
            return false;
}
@Arkanius
Copy link
Contributor

Arkanius commented Apr 1, 2021

Hello, thanks for reporting this issue.

Well, looks it will always be false indeed

Introduced at #462

We should find a better way to fix the lfi issue by changing this if

@Arkanius Arkanius added the bug label Apr 1, 2021
@aftabnaveed
Copy link
Author

I think the issue is this line $fileName = @realpath($publicPath . $uri); realpath is a system call which resolves symlink to it's original value.

@Arkanius
Copy link
Contributor

Arkanius commented Apr 6, 2021

Looks we could apply the realpath in both cases

@Arkanius
Copy link
Contributor

Arkanius commented Apr 7, 2021

Maybe we could use the "finder": https://github.com/laravel/octane/pull/112/files

@aftabnaveed
Copy link
Author

How would that fix the symlink problem?

@aftabnaveed
Copy link
Author

BTW why is realpath being used here?

@Arkanius
Copy link
Contributor

Arkanius commented Apr 7, 2021

see #462

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants