// Fragment (the enclosing method is not shown): the message templates are
// filled in only when none are set yet. Each failure code maps to a message
// passed through the __() translation helper.
// NOTE(review): "%value%" is presumably replaced with the rejected path when
// the error is reported. If so, the message carries caller-supplied text and
// must be escaped for whatever context finally renders it. Confirm in _error().
80 if (!$this->_messageTemplates) {
81 $this->_messageTemplates = [
// Value matched an entry of the protected list.
82 self::PROTECTED_PATH =>
__(
'Path "%value%" is protected and cannot be used.'),
// Value matched no entry of the available list.
83 self::NOT_AVAILABLE_PATH =>
__(
'Path "%value%" is not available and cannot be used.'),
// Value contained a parent-directory sequence.
84 self::PROTECTED_LFI =>
__(
'Path "%value%" may not include parent directory traversal ("../", "..\\").'),
// Fragment: adopts the 'available' and 'protected' lists from $paths.
// A key is used only when it is present AND holds an array; any other shape
// is ignored without an error, leaving the corresponding list unchanged.
// NOTE(review): the entries themselves are stored as given. Nothing here
// checks that each entry is a string mask.
99 if (isset(
$paths[
'available']) && is_array(
$paths[
'available'])) {
100 $this->_availablePaths =
$paths[
'available'];
102 if (isset(
$paths[
'protected']) && is_array(
$paths[
'protected'])) {
103 $this->_protectedPaths =
$paths[
'protected'];
// Fragment: replaces the whole protected list with $paths.
// The validation fragment in this listing runs the protected check only when
// this list is non-empty, so assigning an empty list turns that check off.
116 $this->_protectedPaths =
$paths;
// Fragment: extends the protected list. An array argument is merged into the
// existing list with array_merge(); the other statement appends a single
// value (the else line between them is not shown in this listing).
128 if (is_array(
$path)) {
129 $this->_protectedPaths = array_merge($this->_protectedPaths,
$path);
131 $this->_protectedPaths[] =
$path;
// Fragment: replaces the whole available list with $paths.
// The validation fragment in this listing runs the available check only when
// this list is non-empty, so assigning an empty list turns that check off.
154 $this->_availablePaths =
$paths;
// Fragment: extends the available list. An array argument is merged into the
// existing list with array_merge(); the other statement appends a single
// value (the else line between them is not shown in this listing).
166 if (is_array(
$path)) {
167 $this->_availablePaths = array_merge($this->_availablePaths,
$path);
169 $this->_availablePaths[] =
$path;
// Fragment of the validation routine (signature and return statements are not
// shown). Visible order of checks: configuration present, traversal sequence,
// protected list, available list.
//
// Refuses to validate when neither list is configured, instead of accepting
// every path by default.
201 if (!$this->_availablePaths && !$this->_protectedPaths) {
202 throw new \Exception(
__(
'Please set available and/or protected paths list(s) before validation.'));
// Traversal guard: flags any value containing ".." immediately followed by
// "/" or "\".
// NOTE(review): the pattern is applied to the value exactly as received. It
// does not match a ".." that is not followed by a separator (for example as
// the final segment), and it sees only the decoded form the caller passes in.
// Confirm that callers decode and normalise the value before it reaches this
// check, and consider rejecting a bare ".." segment as well.
205 if (preg_match(
'#\.\.[\\\/]#', $this->_value)) {
206 $this->
_error(self::PROTECTED_LFI, $this->_value);
// Normalise for matching: backslashes become "/", leading separators are
// stripped, and pathinfo() splits the result into dirname and basename.
211 $value = str_replace(
'\\',
'/', $this->_value);
212 $valuePathInfo = pathinfo(ltrim(
$value,
'\\/'));
// A dirname of "." or "/" is treated as an empty directory part.
213 if ($valuePathInfo[
'dirname'] ==
'.' || $valuePathInfo[
'dirname'] ==
'/') {
214 $valuePathInfo[
'dirname'] =
'';
// Protected list (third argument true): checked only when the list is
// non-empty. A failed check records PROTECTED_PATH.
217 if ($this->_protectedPaths && !$this->
_isValidByPaths($valuePathInfo, $this->_protectedPaths,
true)) {
218 $this->
_error(self::PROTECTED_PATH, $this->_value);
// Available list (third argument false): checked only when the list is
// non-empty. A failed check records NOT_AVAILABLE_PATH.
221 if ($this->_availablePaths && !$this->
_isValidByPaths($valuePathInfo, $this->_availablePaths,
false)) {
222 $this->
_error(self::NOT_AVAILABLE_PATH, $this->_value);
// Fragment that matches one configured mask ($path) against the split value.
// It reads $valuePathInfo and $protected, so it is presumably the body of
// _isValidByPaths; the signature and the loop over the list are not shown.
//
// Derived data is cached per mask in $this->_pathsData[$path]. When no cached
// 'regFilename' exists, the mask is split into a file part and a directory part.
243 if (!isset($this->_pathsData[
$path][
'regFilename'])) {
244 $pathInfo = pathinfo(
$path);
245 $options[
'file_mask'] = $pathInfo[
'basename'];
// Directory part: "." and "/" become empty and backslashes are normalised to
// "/" (the branch structure between these statements is not shown).
246 if ($pathInfo[
'dirname'] ==
'.' || $pathInfo[
'dirname'] ==
'/') {
247 $pathInfo[
'dirname'] =
'';
249 $pathInfo[
'dirname'] = str_replace(
'\\',
'/', $pathInfo[
'dirname']);
251 $options[
'dir_mask'] = $pathInfo[
'dirname'];
// File part: a mask containing "*" is turned into an anchored regex, while
// the other assignment to $resultFile below compares it with the basename.
258 if (
false !== strpos(
$options[
'file_mask'],
'*')) {
259 if (!isset($this->_pathsData[
$path][
'regFilename'])) {
// "." is escaped and "*" becomes a lazy wildcard. $reg is presumably seeded
// from the file mask on a line not shown.
// NOTE(review): only "." and "*" are translated. Any other PCRE metacharacter
// in a mask reaches the pattern unescaped, so masks must come from trusted
// configuration; running preg_quote() before expanding the wildcard would be
// more robust. The pattern has no modifiers: matching is case-sensitive, and
// "$" without the D modifier also accepts a trailing newline in the basename.
262 $reg = str_replace(
'.',
'\.', $reg);
263 $reg = str_replace(
'*',
'.*?', $reg);
264 $reg =
"/^({$reg})\$/";
266 $reg = $this->_pathsData[
$path][
'regFilename'];
// preg_match() yields 1, 0 or false; false (a pattern error) is falsy and is
// therefore handled like "no match".
// NOTE(review): for the protected list a non-match presumably means "not
// blocked", so a broken mask would fail open. Confirm, and consider treating
// false as a hard error.
268 $resultFile = preg_match($reg, $valuePathInfo[
'basename']);
// NOTE(review): loose == on two strings. PHP compares numeric-looking strings
// numerically, so === would make this an exact match.
270 $resultFile =
$options[
'file_mask'] == $valuePathInfo[
'basename'];
// Directory part: built into an anchored regex unless a cached 'regDir' exists.
// Steps shown: escape "."; replace "*" followed by a separator with the
// placeholder "||"; replace each "/" with a bracketed separator class;
// replace "?" with a group matching one non-empty segment; expand the
// placeholder into an optional run of leading directories.
// NOTE(review): as with the file mask, there is no general escaping, and a
// mask that literally contains "||" is rewritten too.
275 if (!isset($this->_pathsData[
$path][
'regDir'])) {
277 $reg = str_replace(
'.',
'\.', $reg);
278 $reg = str_replace(
'*\\',
'||', $reg);
279 $reg = str_replace(
'*/',
'||', $reg);
281 $reg = str_replace(
'/',
'[\\/]', $reg);
282 $reg = str_replace(
'?',
'([^\\/]+)', $reg);
283 $reg = str_replace(
'||',
'(.*[\\/])?', $reg);
284 $reg =
"/^{$reg}\$/";
286 $reg = $this->_pathsData[
$path][
'regDir'];
// The value's dirname is matched with a trailing "/" appended.
288 $resultDir = preg_match($reg, $valuePathInfo[
'dirname'] .
'/');
// A mask counts as hit only when BOTH the directory and the file part match.
// A hit on the protected list and a hit on the available list take different
// branches; the branch bodies are not shown in this listing.
290 if ($protected && ($resultDir && $resultFile)) {
292 }
elseif (!$protected && ($resultDir && $resultFile)) {
elseif(isset( $params[ 'redirect_parent']))
_error($messageKey, $value=null)