laravel / folio

Page based routing for Laravel.
MIT License

Exceptions PossibleDirectoryTraversal in Windows system #44

Closed komtcho closed 1 year ago

komtcho commented 1 year ago

Folio Version

1.0.0-beta.1

Laravel Version

10.16.1

PHP Version

8.1.10

Description

When trying on a Windows system, I found a problem with verifying that the blade file exists in the Laravel\Folio\Pipeline\EnsureNoDirectoryTraversal class.


if (! Str::of(realpath($view->path))->startsWith($state->mountPath.'/')) {
    throw new PossibleDirectoryTraversal;
}

And I solved the problem by using DIRECTORY_SEPARATOR, so that it becomes:

if (! Str::of(realpath($view->path))->startsWith($state->mountPath . DIRECTORY_SEPARATOR)) {
    throw new PossibleDirectoryTraversal;
}

Thanks,

Steps To Reproduce

  1. Install laravel/folio:^1.0@beta.
  2. Run php artisan folio:install.
  3. Create pages/schedule.blade.php file
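
The failure reported above, reproduced on plain strings, as an added example that is not part of the original issue or of laravel/folio's code. `isInsideMount()` is a hypothetical helper and all paths are constructed; it assumes the view path has already been resolved (for example by `realpath()`), and it also covers a mount path written with mixed separators, which goes beyond the case in the report.

```php
<?php
// Added illustration; not code from laravel/folio.
// isInsideMount() is a hypothetical helper name.

/**
 * Containment check on an already-resolved path (e.g. the output of realpath()).
 * $sep is a parameter only so both platforms can be exercised on one machine.
 */
function isInsideMount(string $resolvedPath, string $mountPath, string $sep = DIRECTORY_SEPARATOR): bool
{
    if ($sep === '\\') {
        // Windows accepts both separators, so fold '/' into '\' on both sides.
        // Not done on POSIX, where '\' is an ordinary filename character.
        $resolvedPath = str_replace('/', '\\', $resolvedPath);
        $mountPath = str_replace('/', '\\', $mountPath);
    }

    // The trailing separator keeps a sibling such as "pages-old" from matching "pages".
    $prefix = rtrim($mountPath, $sep) . $sep;

    return str_starts_with($resolvedPath, $prefix);
}

// Constructed sample paths: [label, resolved view path, mount path, separator].
$cases = [
    ['windows, in mount', 'C:\\app\\views\\pages\\schedule.blade.php', 'C:\\app\\views\\pages', '\\'],
    ['windows, mixed mount', 'C:\\app\\views\\pages\\schedule.blade.php', 'C:\\app\\views/pages', '\\'],
    ['windows, sibling dir', 'C:\\app\\views\\pages-old\\x.blade.php', 'C:\\app\\views\\pages', '\\'],
    ['windows, outside', 'C:\\app\\.env', 'C:\\app\\views\\pages', '\\'],
    ['posix, in mount', '/app/views/pages/schedule.blade.php', '/app/views/pages', '/'],
    ['posix, outside', '/app/views/secret.blade.php', '/app/views/pages', '/'],
];

foreach ($cases as [$label, $path, $mount, $sep]) {
    // The check quoted in the issue: a hard-coded '/' appended to the mount path.
    $original = str_starts_with($path, $mount . '/');
    $normalized = isInsideMount($path, $mount, $sep);

    printf(
        "%-22s original=%-5s normalized=%s\n",
        $label,
        var_export($original, true),
        var_export($normalized, true)
    );
}
```
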

taylorotwell commented 1 year ago

PRs welcome.

github-actions[bot] commented 1 year ago

Thank you for reporting this issue!

As Laravel is an open source project, we rely on the community to help us diagnose and fix issues as it is not possible to research and fix every issue reported to us via GitHub.

If possible, please make a pull request fixing the issue you have described, along with corresponding tests. All pull requests are promptly reviewed by the Laravel team.

Thank you!