Merging PR from sunhater/kcfinder sunhater#136 that fixes symlink pro…

…blem See PR at https://github.com/sunhater/kcfinder/pull/136/files#diff-28ad25e2732bc428e58ddeb0df8f017b
djozsef · Dec 23, 2017 · fd011d9 · fd011d9
1 parent 6dd8c51
commit fd011d9
Showing 1 changed file with 24 additions and 12 deletions.
diff --git a/core/class/uploader.php b/core/class/uploader.php
@@ -169,29 +169,29 @@ public function __construct() {
             list($unused, $protocol, $domain, $unused, $port, $path) = $patt;
             $path = path::normalize($path);
             $this->config['uploadURL'] = "$protocol://$domain" . (strlen($port) ? ":$port" : "") . "/$path";
-            $this->config['uploadDir'] = strlen($this->config['uploadDir'])
+            $this->config['uploadDir'] = $this->realpath(strlen($this->config['uploadDir'])
                 ? path::normalize($this->config['uploadDir'])
-                : path::url2fullPath("/$path");
-            $this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
+                : path::url2fullPath("/$path"));
+            $this->typeDir = $this->realpath("{$this->config['uploadDir']}/{$this->type}");
             $this->typeURL = "{$this->config['uploadURL']}/{$this->type}";
 
         // SITE ROOT
         } elseif ($this->config['uploadURL'] == "/") {
-            $this->config['uploadDir'] = strlen($this->config['uploadDir'])
+            $this->config['uploadDir'] = $this->realpath(strlen($this->config['uploadDir'])
                 ? path::normalize($this->config['uploadDir'])
-                : path::normalize(realpath($_SERVER['DOCUMENT_ROOT']));
-            $this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
+                : path::normalize(realpath($_SERVER['DOCUMENT_ROOT'])));
+            $this->typeDir = $this->realpath("{$this->config['uploadDir']}/{$this->type}");
             $this->typeURL = "/{$this->type}";
 
         // ABSOLUTE & RELATIVE
         } else {
             $this->config['uploadURL'] = (substr($this->config['uploadURL'], 0, 1) === "/")
                 ? path::normalize($this->config['uploadURL'])
                 : path::rel2abs_url($this->config['uploadURL']);
-            $this->config['uploadDir'] = strlen($this->config['uploadDir'])
+            $this->config['uploadDir'] = $this->realpath(strlen($this->config['uploadDir'])
                 ? path::normalize($this->config['uploadDir'])
-                : path::url2fullPath($this->config['uploadURL']);
-            $this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
+                : path::url2fullPath($this->config['uploadURL']));
+            $this->typeDir = $this->realpath("{$this->config['uploadDir']}/{$this->type}");
             $this->typeURL = "{$this->config['uploadURL']}/{$this->type}";
         }
 
@@ -261,6 +261,20 @@ public function __construct() {
         }
     }
 
+    protected function realpath($path) {
+        // PHP's realpath() does not work on files that don't exist, but
+        // there might be a symlink somewhere in the path so we need to
+        // check it.
+        $existing_path = $path;
+        while (!file_exists($existing_path)) {
+            $existing_path = dirname($existing_path);
+        }
+        $rPath = realpath($existing_path) . substr($path, strlen($existing_path));
+        if (strtoupper(substr(PHP_OS, 0, 3)) == "WIN")
+            $rPath = str_replace("\\", "/", $rPath);
+        return $rPath;
+    }
+
     public function upload() {
         $config = &$this->config;
         $file = &$this->file;
@@ -355,9 +369,7 @@ protected function normalizeDirname($dirname) {
     }
 
     protected function checkFilePath($file) {
-        $rPath = realpath($file);
-        if (strtoupper(substr(PHP_OS, 0, 3)) == "WIN")
-            $rPath = str_replace("\\", "/", $rPath);
+        $rPath = $this->realpath($file);
         return (substr($rPath, 0, strlen($this->typeDir)) === $this->typeDir);
     }