/**
 * Look up an asset by name in the configured search paths.
 *
 * Each search path is prefixed to $name in turn; the first candidate that is
 * a readable non-directory is wrapped in a FileAsset (built from its real
 * path, with the MIME type supplied by the MIME resolver) and returned.
 *
 * @param string $name Requested asset name, appended verbatim to each path.
 *
 * @return FileAsset|null The resolved asset, or null when the name is rejected
 *                        by the traversal filter or no path contains it.
 */
public function resolve($name)
{
    // Traversal filter: with LFI protection enabled, any name containing ".."
    // directly followed by "/" or "\" is refused before the filesystem is touched.
    // NOTE(review): this inspects the requested name only. The real path obtained
    // below is not compared against the search path it came from, so a symlink
    // placed inside a search path is still followed to wherever it points.
    $traversalAttempt = $this->isLfiProtectionOn()
        && preg_match('#\\.\\.[\\\\/]#', $name);
    if ($traversalAttempt) {
        return null;
    }

    foreach ($this->getPaths() as $searchPath) {
        $candidate = new SplFileInfo($searchPath . $name);

        // Skip anything unreadable, and never serve a directory as an asset.
        if (!$candidate->isReadable() || $candidate->isDir()) {
            continue;
        }

        $resolvedPath = $candidate->getRealPath();
        $detectedType = $this->getMimeResolver()->getMimeType($resolvedPath);

        $result = new FileAsset($resolvedPath);
        $result->mimetype = $detectedType;

        return $result;
    }

    return null;
}
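/**
 * Regression test for the resolver's LFI (path traversal) protection.
 *
 * Checks that protection is enabled by default, that a name which steps out
 * of the registered path with ".." is refused while protection is on, and
 * that the same name resolves to this file once protection is switched off.
 */
public function testLfiProtection()
{
    $mimeResolver = new MimeResolver();
    $resolver = new PathStackResolver();
    $resolver->setMimeResolver($mimeResolver);

    // should be on by default
    $this->assertTrue($resolver->isLfiProtectionOn());

    $resolver->addPath(__DIR__);

    // Leaves the registered directory and re-enters it, so the name points at
    // this very file while still containing a ".." segment.
    $traversal = '..' . DIRECTORY_SEPARATOR . basename(__DIR__) . DIRECTORY_SEPARATOR . basename(__FILE__);
    $this->assertNull($resolver->resolve($traversal));

    // DIRECTORY_SEPARATOR covers only the host platform's separator. Exercise
    // "/" and "\" explicitly so both forms of ".." traversal are verified as
    // rejected regardless of the OS the suite runs on.
    foreach (array('/', '\\') as $separator) {
        $this->assertNull(
            $resolver->resolve('..' . $separator . basename(__DIR__) . $separator . basename(__FILE__))
        );
    }

    $resolver->setLfiProtection(false);

    // Assert the lookup succeeded before dereferencing it, so a regression
    // shows up as a test failure rather than a fatal call on null.
    $asset = $resolver->resolve($traversal);
    $this->assertNotNull($asset);
    $this->assertEquals(file_get_contents(__FILE__), $asset->dump());
}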