<?php
/**
 * @license MIT
 * @author Igor Sorokin <[email protected]>
 */

namespace Dspbee\Bundle\Common;

/**
 * Class TFileSystem
 * @package Dspbee\Bundle\Common
 */
trait TFileSystem
{
    /**
     * Deleting all subdirectories and files.
     *
     * @param string $dir  Path to the directory
     * @param bool   $self If true then delete root directory
     */
    private static function removeFromDir($dir, $self = false)
    {
        if (is_dir($dir)) {
            $objects = scandir($dir);
            foreach ($objects as $object) {
                if ('.' != $object && '..' != $object) {
                    if ('dir' == filetype($dir . '/' . $object)) {
                        // Subdirectories are emptied and then removed themselves.
                        self::removeFromDir($dir . '/' . $object, true);
                    } else {
                        unlink($dir . '/' . $object);
                    }
                }
            }
            if ($self) {
                reset($objects);
                // scandir() returns only '.' and '..' for an empty directory.
                if (count(scandir($dir)) == 2) {
                    rmdir($dir);
                }
            }
        }
    }
}

Issue reported on this file (at the scandir($dir), unlink($dir . '/' . $object) and rmdir($dir) calls):

$dir can contain request data and is used in file inclusion context(s), leading to a potential security vulnerability.

General strategies to prevent injection

In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing certain values:

if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); }

For numeric data, we recommend explicitly casting the data:

$sanitized = (integer) $tainted;
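As an added example that is not part of the Dspbee project, the following class shows how a caller of removeFromDir() can keep request data out of the path it passes to the trait: the user-supplied name is checked against a fixed allow-list (the strategy the report recommends), and the resolved path is then re-checked to lie under a fixed base directory before anything is deleted. The class name, the base path, the allow-list values and the assumption that the trait is autoloaded are all illustrative.

```php
<?php
declare(strict_types=1);

namespace App\Storage;

use Dspbee\Bundle\Common\TFileSystem;

/**
 * Hypothetical caller of TFileSystem::removeFromDir() that confines every
 * deletion to one of a few known scratch directories under a fixed base path.
 */
final class ScratchCleaner
{
    use TFileSystem;

    /** @var string absolute, canonical base path every deletion is confined to */
    private $base;

    /** @var string[] directory names a request is permitted to clear (assumed allow-list) */
    private static $allowed = ['uploads-tmp', 'cache', 'exports'];

    public function __construct(string $base)
    {
        // realpath() collapses "..", symlinks and duplicate separators, so the
        // later prefix comparison is made against a canonical string.
        $real = realpath($base);
        if (false === $real || !is_dir($real)) {
            throw new \InvalidArgumentException('Base directory does not exist.');
        }
        $this->base = $real;
    }

    /**
     * Empty one of the allow-listed scratch directories.
     *
     * @param string $name value taken from the request; never used as a path on its own
     */
    public function clear(string $name): void
    {
        // 1. Allow-list the raw value: anything outside the fixed set is rejected
        //    before a path is even built, so "../" or absolute paths never get that far.
        if (!in_array($name, self::$allowed, true)) {
            throw new \InvalidArgumentException('This input is not allowed.');
        }

        // 2. Containment check on the resolved path. Redundant given step 1, but it
        //    keeps the guarantee even if the allow-list is later widened carelessly.
        $target = realpath($this->base . DIRECTORY_SEPARATOR . $name);
        if (false === $target) {
            return; // directory does not exist yet; nothing to clear
        }
        if (0 !== strpos($target, $this->base . DIRECTORY_SEPARATOR)) {
            throw new \RuntimeException('Resolved path escapes the base directory.');
        }

        // Only now is the trait's recursive delete invoked, with a path the
        // application built itself. $self is false so the scratch directory
        // stays in place and only its contents are removed.
        self::removeFromDir($target, false);
    }
}

// Usage (assumed paths):
//   $cleaner = new ScratchCleaner('/var/app/scratch');
//   $cleaner->clear((string) ($_GET['dir'] ?? ''));
```

The allow-list check alone satisfies the report's recommendation; the realpath() prefix check is the second, independent control that makes the intended confinement explicit, which is what a reviewer will look for when the trait's file operations are called with data that originated in a request.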