
trim request, fix hidden files request detection

nex-php
yggverse 7 months ago
parent
commit
3b872904c6
  1. 11
      src/nex.php

11
src/nex.php

@ -185,6 +185,11 @@ $server->start(
// Define response // Define response
$response = null; $response = null;
// Filter request
$request = trim(
$request
);
// Build realpath // Build realpath
$realpath = realpath( $realpath = realpath(
NEXT_PATH . filter_var( NEXT_PATH . filter_var(
@ -204,8 +209,8 @@ $server->start(
) . DIRECTORY_SEPARATOR; ) . DIRECTORY_SEPARATOR;
} }
// Validate realpath exists, started with path defined and destination resource is not hidden // Validate realpath exists, started with path defined and not contains hidden entities
if ($realpath && str_starts_with($realpath, NEXT_PATH) && !str_starts_with(basename($realpath), '.')) if ($realpath && str_starts_with($realpath, NEXT_PATH) && false === strpos($realpath, DIRECTORY_SEPARATOR . '.'))
{ {
// Try directory // Try directory
if (is_dir($realpath)) if (is_dir($realpath))
@ -307,7 +312,7 @@ $server->start(
(string) (int) !empty($response), (string) (int) !empty($response),
(string) parse_url($connect, PHP_URL_HOST), (string) parse_url($connect, PHP_URL_HOST),
(string) parse_url($connect, PHP_URL_PORT), (string) parse_url($connect, PHP_URL_PORT),
(string) str_replace('%', '%%', empty($request) ? '/' : trim($request)), (string) str_replace('%', '%%', empty($request) ? '/' : $request),
(string) str_replace('%', '%%', $realpath) (string) str_replace('%', '%%', $realpath)
], ],
NEXT_DUMP NEXT_DUMP
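Review bot: The new hidden-entry test in the `if ($realpath && ...)` condition searches the whole resolved path, including the `NEXT_PATH` prefix, so a served root that sits under any dot-directory would make every request fail the check. Limiting the search to the part below the root keeps the intent: `$relative = DIRECTORY_SEPARATOR . ltrim(substr($realpath, strlen(NEXT_PATH)), DIRECTORY_SEPARATOR);` and then `!str_contains($relative, DIRECTORY_SEPARATOR . '.')` in place of the `strpos` term. The same condition relies on `str_starts_with($realpath, NEXT_PATH)` for containment. If `NEXT_PATH` is defined without a trailing separator (its definition is outside this section), a sibling directory sharing that prefix would also pass, so this is worth confirming. The enclosing `$server->start(` callback begins and ends outside the hunks shown.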
