Merge branch 'hotline#32112_faille_secu_explorateur_fichiers' into 'stable'

Hotline#32112 faille secu explorateur fichiers See merge request !1218

Merge branch 'hotline#32112_faille_secu_explorateur_fichiers' into 'stable'
Hotline#32112 faille secu explorateur fichiers See merge request !1218
4ce80eeb · Patrick Barroca · 24777650 · e7182bb0 · 4ce80eeb · 4ce80eeb
Commit 4ce80eeb authored 9 years ago by Patrick Barroca
--- a/ckeditor/core_five_filemanager/connectors/php/filemanager.config.php
+++ b/ckeditor/core_five_filemanager/connectors/php/filemanager.config.php
@@ -22,7 +22,8 @@ function auth() {
  $base_path = __DIR__ . '/../../../../'; // :)
  require_once($base_path . 'cosmogramme/php/classes/classe_cosmopaths.php');
-  $cosmo_path = new CosmoPaths('ckeditor');
+  CosmoPaths::setDirName('ckeditor');
+  $cosmo_path = new CosmoPaths();
  define('BASE_URL', $cosmo_path->getBaseUrl());
  define('USERFILESPATH', $cosmo_path->getUserfilesPath());

--- a/cosmogramme/php/classes/classe_cosmopaths.php
+++ b/cosmogramme/php/classes/classe_cosmopaths.php
@@ -20,19 +20,18 @@
 */
 class CosmoPaths {
-  protected
+  protected static $_dir_name = 'cosmogramme';
-    $_root_dir_name,
+  protected $_filesystem;
-    $_filesystem;
-  public function __construct($root_dir_name = 'cosmogramme') {
+  public static function setDirName($name) {
-    $this->_root_dir_name = $root_dir_name;
+    static::$_dir_name = $name;
  }
  public function getBasePath() {
    $parts = array_filter(explode('/', $this->getFilePath()));
-    while ((count($parts)>0) && (end($parts) !== $this->_root_dir_name))
+    while ((count($parts)>0) && (end($parts) !== static::$_dir_name))
      array_pop($parts);
    array_pop($parts);
    return ($this->isWindowsPath() ? '' : '/')  . implode('/', $parts) . '/';
@@ -58,7 +57,7 @@ class CosmoPaths {
  public function getConfigPath() {
-    return $this->getBasePath() . $this->_root_dir_name . '/config.php';
+    return $this->getBasePath() . static::$_dir_name . '/config.php';
  }
@@ -72,7 +71,7 @@ class CosmoPaths {
      return '/' . $this->getSite();
    $parts = array_filter(explode('/', $_SERVER['SCRIPT_NAME']));
-    while ((count($parts)>0) && (end($parts) !== $this->_root_dir_name))
+    while ((count($parts)>0) && (end($parts) !== static::$_dir_name))
      array_pop($parts);
    array_pop($parts);
    return $parts
@@ -82,7 +81,7 @@ class CosmoPaths {
  public function getCosmoBaseUrl() {
-    return $this->getBaseUrl() . '/' . $this->_root_dir_name . '/';
+    return $this->getBaseUrl() . '/' . static::$_dir_name . '/';
  }
@@ -99,11 +98,11 @@ class CosmoPaths {
  protected function getFilePath() {
    if (isset($_SERVER['SCRIPT_FILENAME'])
-        && false !== strpos($_SERVER['SCRIPT_FILENAME'], $this->_root_dir_name))
+        && false !== strpos($_SERVER['SCRIPT_FILENAME'], static::$_dir_name))
      return $_SERVER['SCRIPT_FILENAME'];
    $current_path = $this->getFileSystem()->getcwd();
-    if (false !== strpos($current_path, $this->_root_dir_name))
+    if (false !== strpos($current_path, static::$_dir_name))
      return $current_path;
    return realpath(dirname(__FILE__));