opendir() doesn't check that is_dir()

Post by cmb » Thu Jun 09, 2016 12:03 pm

While working on a fix for "Filebrowser doesn't properly escape subdir" I've noticed that CMSimple_XH uses opendir() without verifying that the given directory is actually is_dir(). That's not a real problem, because as of CMSimple_XH 1.5.9 the opendir() result is explicitly checked, so no harm should occur. However, if the directory doesn't exist, it will result in a nasty PHP warning, so I suggest fixing this by checking for is_dir().

Not sure if that should go to CMSimple_XH 1.6.8 or be postponed until XH 1.7. I'm putting it on the XH 1.6.8 roadmap for further discussion and vote.
Christoph M. Becker – Plugins for CMSimple_XH
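
The difference described in the post above, as an added example that is not part of the original post and not CMSimple_XH code: it counts the PHP warnings raised when a missing directory is opened with and without a preceding is_dir() check. The function names and the temporary path are hypothetical and constructed for illustration.

```php
<?php
// Added example; readEntries(), listUnchecked(), listChecked() and
// countWarnings() are hypothetical helpers, not CMSimple_XH functions.

/** Collect all entries from an open directory handle, skipping . and .. */
function readEntries($handle): array
{
    $entries = [];
    while (($entry = readdir($handle)) !== false) {
        if ($entry !== '.' && $entry !== '..') {
            $entries[] = $entry;
        }
    }
    closedir($handle);
    return $entries;
}

/** Only the opendir() result is checked: safe, but warns on a missing path. */
function listUnchecked(string $dir): array
{
    $handle = opendir($dir);          // E_WARNING if $dir does not exist
    return $handle ? readEntries($handle) : [];
}

/** is_dir() first; the opendir() result is still checked afterwards. */
function listChecked(string $dir): array
{
    // is_dir() returns false for a missing path without raising a warning.
    // opendir() can still fail (unreadable directory, or the directory is
    // removed between the two calls), so its result must not be assumed.
    if (!is_dir($dir)) {
        return [];
    }
    $handle = opendir($dir);
    return $handle ? readEntries($handle) : [];
}

/** Run $fn($dir) and return how many E_WARNINGs it raised. */
function countWarnings(callable $fn, string $dir): int
{
    $count = 0;
    set_error_handler(function () use (&$count) { $count++; return true; }, E_WARNING);
    try { $fn($dir); } finally { restore_error_handler(); }
    return $count;
}

// Constructed path that does not exist.
$missing = sys_get_temp_dir() . '/xh-example-missing-' . uniqid();
printf("unchecked: %d warning(s)\n", countWarnings('listUnchecked', $missing));
printf("checked:   %d warning(s)\n", countWarnings('listChecked', $missing));
```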
