search

laravel / folio

Page based routing for Laravel.
MIT License
568 stars 46 forks source link

On Windows Laravel Folio throws always a PossibleDirectoryTraversal Exception #52

Closed fabiosozzi closed 1 year ago

fabiosozzi commented 1 year ago

Folio Version

v1.0.0-beta.1

Laravel Version

v10.16.1

PHP Version

8.1.10

Description

I'm using Laravel with Laragon on Windows, every time I try to load some blade file in the default Folio folder ('/view/pages') Laravel throws a PossibleDirectoryTraversal Exception.

Looking in the sources of the package, the problem seems located in vendor/laravel/folio/src/Pipeline/EnsureNoDirectoryTraversal.php at row 22:

if (! Str::of(realpath($view->path))->startsWith($state->mountPath.'/')) { throw new PossibleDirectoryTraversal; }

Using dd() the result of realpath($view->path) has a different ending char than $state->mountPath.'/'

realpath($view->path) => C:\laragon\www\filamentv3\resources\views\pages\index.blade.php"
$state->mountPath.'/' => "C:\laragon\www\filamentv3\resources\views\pages/"

Steps To Reproduce

  1. Install Laravel Folio
  2. Delete default route
  3. Create a page with php artisan make:folio index
  4. Try to load the the folio route with the browser
driesvints commented 1 year ago

We have this solved already. It'll be in the next beta. Thanks!

fabiosozzi commented 1 year ago

Sorry, I did not see that it was already solved. Thank you for your great job!