refix file safety problem by php open_basedir

2025-01-31 13:12:47 +08:00 · 2023-05-19 18:05:07 +08:00 · 2023-05-19 18:05:07 +08:00 · b17dd3cfeb
commit b17dd3cfeb
parent b445eeb2d5
5 changed files with 10 additions and 5 deletions
--- a/config.php
+++ b/config.php
@ -0,0 +1,7 @@
+<?php
+
+ini_set(
+	'open_basedir',
+	!($open_basedir = ini_get('open_basedir')) ? "" : "$open_basedir:" .
+		__DIR__
+);
--- a/constant.php
+++ b/constant.php
@ -2,6 +2,6 @@

 const APP_NAME = "ph-Bookshelf";

-const VERSION = "0.5.0-alpha6";
+const VERSION = "0.5.0-alpha7";
 const CHANNEL = "suk-ws";
 const BRANCH = "config-v2.0";
--- a/index.php
+++ b/index.php
@ -1,5 +1,6 @@
 <?php

+require "./config.php";
 require "./constant.php";
 require "./vendor/autoload.php";

--- a/src/Resource/Resource.php
+++ b/src/Resource/Resource.php
@ -7,8 +7,5 @@ class Resource {
 	public static function getRealRootPath (): string {
 		return realpath("./");
 	}
-	public static function checkSafety (string $checked): bool {
-		return str_starts_with(realpath($checked), self::getRealRootPath());
-	}
 	
 }
--- a/src/Utils/PageParse.php
+++ b/src/Utils/PageParse.php
@ -22,7 +22,7 @@ class PageParse {
 		// 将utf8编码转换成gbk编码，否则，中文名称的文件无法打开
 		//		$filePath = iconv('UTF-8', 'gbk', $filePath);
 		// 检查文件是否可读
-		if (!is_file($filePath) || !is_readable($filePath) || !Resource::checkSafety($filePath)) {
+		if (!is_file($filePath) || !is_readable($filePath)) {
 			exit("File Can't Read!");
 		}
 		// 判定文件类型