public function pathMustBeInRepository($path, $secure)
{
if (!$path) {
return;
}
if ($path && substr($path, -1) != '/') {
$path .= '/';
}
$relativePath = ipFile('file/repository/' . $path);
if ($secure) {
$relativePath = ipFile('file/secure/' . $path);
}
//check if we are still in the repository dir (to prevent listing files outside of the repository)
$relpath = realpath($relativePath);
if ($secure) {
if (strpos($relpath, realpath(ipFile('file/secure/'))) !== 0) {
throw new \Ip\Exception("Restricted directory");
}
} else {
if (strpos($relpath, realpath(ipFile('file/repository/'))) !== 0) {
throw new \Ip\Exception("Restricted directory");
}
}
}