PicoDeprecated: Sanitize content_dir and base_url options when reading config.php in Picos root dir

This commit is contained in:
Daniel Rudolf 2015-11-13 19:10:30 +01:00
parent 282b7ce16c
commit c72ea0ecec
3 changed files with 24 additions and 7 deletions

View file

@ -10,6 +10,8 @@ Released: -
* [New] New `markdown` filter for Twig to parse markdown strings; Note: If you * [New] New `markdown` filter for Twig to parse markdown strings; Note: If you
want to parse the contents of a page, use the `content` filter instead want to parse the contents of a page, use the `content` filter instead
* [Changed] Reuse `ParsedownExtra` object; new `onParsedownRegistration` event * [Changed] Reuse `ParsedownExtra` object; new `onParsedownRegistration` event
* [Fixed] `PicoDeprecated`: Sanitize `content_dir` and `base_url` options when
reading `config.php` in Picos root dir
* [Fixed] Replace `urldecode()` (deprecated RFC 1738) with `rawurldecode()` * [Fixed] Replace `urldecode()` (deprecated RFC 1738) with `rawurldecode()`
(RFC 3986) in `Page::evaluateRequestUrl()` (RFC 3986) in `Page::evaluateRequestUrl()`
* [Fixed] #272: Encode URLs using `rawurlencode()` in `Pico::getPageUrl()` * [Fixed] #272: Encode URLs using `rawurlencode()` in `Pico::getPageUrl()`

View file

@ -446,6 +446,10 @@ class Pico
protected function loadConfig() protected function loadConfig()
{ {
$config = null; $config = null;
if (file_exists($this->getConfigDir() . 'config.php')) {
require($this->getConfigDir() . 'config.php');
}
$defaultConfig = array( $defaultConfig = array(
'site_title' => 'Pico', 'site_title' => 'Pico',
'base_url' => '', 'base_url' => '',
@ -460,11 +464,6 @@ class Pico
'timezone' => '' 'timezone' => ''
); );
$configFile = $this->getConfigDir() . 'config.php';
if (file_exists($configFile)) {
require $configFile;
}
$this->config = is_array($this->config) ? $this->config : array(); $this->config = is_array($this->config) ? $this->config : array();
$this->config += is_array($config) ? $config + $defaultConfig : $defaultConfig; $this->config += is_array($config) ? $config + $defaultConfig : $defaultConfig;
@ -1308,7 +1307,7 @@ class Pico
* @param string $path relative or absolute path * @param string $path relative or absolute path
* @return string absolute path * @return string absolute path
*/ */
protected function getAbsolutePath($path) public function getAbsolutePath($path)
{ {
if (substr($path, 0, 1) !== '/') { if (substr($path, 0, 1) !== '/') {
$path = $this->getRootDir() . $path; $path = $this->getRootDir() . $path;

View file

@ -170,11 +170,27 @@ class PicoDeprecated extends AbstractPicoPlugin
protected function loadRootDirConfig(&$realConfig) protected function loadRootDirConfig(&$realConfig)
{ {
if (file_exists($this->getRootDir() . 'config.php')) { if (file_exists($this->getRootDir() . 'config.php')) {
// config.php in Pico::$rootDir is deprecated; use Pico::$configDir instead // config.php in Pico::$rootDir is deprecated
// use config.php in Pico::$configDir instead
$config = null; $config = null;
require($this->getRootDir() . 'config.php'); require($this->getRootDir() . 'config.php');
if (is_array($config)) { if (is_array($config)) {
if (array_key_exists('base_url', $config)) {
if (!empty($config['base_url'])) {
$config['base_url'] = rtrim($config['base_url'], '/') . '/';
} else {
unset($config['base_url']);
}
}
if (array_key_exists('content_dir', $config)) {
if (!empty($config['content_dir'])) {
$config['content_dir'] = $this->getAbsolutePath($config['content_dir']);
} else {
unset($config['content_dir']);
}
}
$realConfig = $config + $realConfig; $realConfig = $config + $realConfig;
} }
} }