YGGverse/next
1
0
Fork 0
mirror of https://github.com/YGGverse/next.git synced 2025-01-26 23:04:49 +00:00
Code Issues Projects Releases Wiki Activity

trim request, fix hidden files request detection

Browse Source
This commit is contained in:
yggverse 2024-04-27 21:40:47 +03:00
parent a22529a1a8
commit 3b872904c6
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/nex.php
View File

@ -185,6 +185,11 @@ $server->start(
// Define response // Define response
$response = null; $response = null;
// Filter request
$request = trim(
$request
);
// Build realpath // Build realpath
$realpath = realpath( $realpath = realpath(
NEXT_PATH . filter_var( NEXT_PATH . filter_var(
@ -204,8 +209,8 @@ $server->start(
) . DIRECTORY_SEPARATOR; ) . DIRECTORY_SEPARATOR;
} }
// Validate realpath exists, started with path defined and destination resource is not hidden // Validate realpath exists, started with path defined and not contains hidden entities
if ($realpath && str_starts_with($realpath, NEXT_PATH) && !str_starts_with(basename($realpath), '.')) if ($realpath && str_starts_with($realpath, NEXT_PATH) && false === strpos($realpath, DIRECTORY_SEPARATOR . '.'))
{ {
// Try directory // Try directory
if (is_dir($realpath)) if (is_dir($realpath))
@ -307,7 +312,7 @@ $server->start(
(string) (int) !empty($response), (string) (int) !empty($response),
(string) parse_url($connect, PHP_URL_HOST), (string) parse_url($connect, PHP_URL_HOST),
(string) parse_url($connect, PHP_URL_PORT), (string) parse_url($connect, PHP_URL_PORT),
(string) str_replace('%', '%%', empty($request) ? '/' : trim($request)), (string) str_replace('%', '%%', empty($request) ? '/' : $request),
(string) str_replace('%', '%%', $realpath) (string) str_replace('%', '%%', $realpath)
], ],
NEXT_DUMP NEXT_DUMP