Ip\Internal\Repository\BrowserModel::pathMustBeInRepository PHP Метод

pathMustBeInRepository() публичный Метод

Throw an exception if path goes out of repository dir
public pathMustBeInRepository ( $path, $secure )
$path
$secure
    public function pathMustBeInRepository($path, $secure)
    {
        if (!$path) {
            return;
        }
        if ($path && substr($path, -1) != '/') {
            $path .= '/';
        }
        $relativePath = ipFile('file/repository/' . $path);
        if ($secure) {
            $relativePath = ipFile('file/secure/' . $path);
        }
        //check if we are still in the repository dir (to prevent listing files outside of the repository)
        $relpath = realpath($relativePath);
        if ($secure) {
            if (strpos($relpath, realpath(ipFile('file/secure/'))) !== 0) {
                throw new \Ip\Exception("Restricted directory");
            }
        } else {
            if (strpos($relpath, realpath(ipFile('file/repository/'))) !== 0) {
                throw new \Ip\Exception("Restricted directory");
            }
        }
    }