Directory Traversal option wrong logic?

flipzoom / ProcessWire-AIOM-All-In-One-Minify

AIOM+ (All In One Minify) is a ProcessWire module to easily improve the performance of your website. By a simple function call Stylesheets, LESS and Javascript files can be parsed, minimized and combined into one single file. This reduces the server requests, loading time and minimizes the traffic. In addition, the generated HTML source code can be minimized and all generated files can be loaded over a cookieless domain (domain sharding).

MIT License

33 stars 26 forks source link

Directory Traversal option wrong logic? #21

Closed somatonic closed 10 years ago

somatonic commented 10 years ago

$_path  = (self::$directoryTraversal !== true) ? str_ireplace(array('../', './', '%2e%2e%2f', '..%2F'), '', wire('config')->paths->templates.$_file) : wire('config')->paths->templates.$_file;

This is true when the option is disabled,

self::$directoryTraversal   = ($this->directory_traversal == 1) ? true : false;

If option to traverse files is enabled (checkbox) the "self::$directoryTraversal" will be "true"

Do I miss something?

somatonic commented 10 years ago

Hmm seems to work correctly, but don't get it. If all is ok ignore this.

marvinscharle commented 10 years ago

Hi soma,

I also do think, that this looks correctly. If something is not working properly, please open a new ticket.

Thank you!