Skip to content

Commit

Permalink
Merge pull request #39 from migliori/master
Browse files Browse the repository at this point in the history 
Sanitize directory separators
  • Loading branch information
@thelfensdrfer
thelfensdrfer authored Jun 18, 2018
2 parents 79eb8b8 + e5a5315 commit a9750d3
Showing 1 changed file with 18 additions and 13 deletions.
31 changes: 18 additions & 13 deletions src/AutoUpdate.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -406,10 +406,11 @@ private function _removeDir($dir)

$objects = array_diff(scandir($dir), array('.', '..'));
foreach ($objects as $object) {
if (is_dir($dir . DIRECTORY_SEPARATOR . $object))
if (is_dir($dir . DIRECTORY_SEPARATOR . $object)) {
$this->_removeDir($dir . DIRECTORY_SEPARATOR . $object);
else
} else {
unlink($dir . DIRECTORY_SEPARATOR . $object);
}
}

return rmdir($dir);
Expand All @@ -435,8 +436,9 @@ public function checkUpdate()

// Create absolute url to update file
$updateFile = $this->_updateUrl . '/' . $this->_updateFile;
if (!empty($this->_branch))
if (!empty($this->_branch)) {
$updateFile .= '.' . $this->_branch;
}

// Check if cache is empty
if ($versions === null || $versions === false) {
Expand Down Expand Up @@ -495,8 +497,9 @@ public function checkUpdate()
// Check for latest version
foreach ($versions as $version => $updateUrl) {
if (Comparator::greaterThan($version, $this->_currentVersion)) {
if (Comparator::greaterThan($version, $this->_latestVersion))
if (Comparator::greaterThan($version, $this->_latestVersion)) {
$this->_latestVersion = $version;
}

$this->_updates[] = [
'version' => $version,
Expand Down Expand Up @@ -631,8 +634,9 @@ protected function _simulateInstall($updateFile)
}

// Skip if entry is a directory
if (substr($filename, -1, 1) == DIRECTORY_SEPARATOR)
if (substr($filename, -1, 1) == DIRECTORY_SEPARATOR) {
continue;
}

// Read file contents from archive
$contents = zip_entry_read($file, zip_entry_filesize($file));
Expand Down Expand Up @@ -715,10 +719,9 @@ protected function _install($updateFile, $simulateInstall, $version)

// Read every file from archive
while ($file = zip_read($zip)) {
$filename = zip_entry_name($file);
$foldername = $this->_installDir . dirname($filename);
$absoluteFilename = $this->_installDir . $filename;

$filename = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, zip_entry_name($file));
$foldername = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $this->_installDir . dirname($filename));
$absoluteFilename = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $this->_installDir . $filename);
$this->_log->addDebug(sprintf('Updating file "%s"', $filename));

if (!is_dir($foldername)) {
Expand All @@ -730,8 +733,9 @@ protected function _install($updateFile, $simulateInstall, $version)
}

// Skip if entry is a directory
if (substr($filename, -1, 1) == DIRECTORY_SEPARATOR)
if (substr($filename, -1, 1) == DIRECTORY_SEPARATOR) {
continue;
}

// Read file contents from archive
$contents = zip_entry_read($file, zip_entry_filesize($file));
Expand Down Expand Up @@ -814,8 +818,9 @@ public function update($simulateInstall = true, $deleteDownload = true)
$this->_log->addInfo('Trying to perform update');

// Check for latest version
if ($this->_latestVersion === null || count($this->_updates) === 0)
if ($this->_latestVersion === null || count($this->_updates) === 0) {
$this->checkUpdate();
}

if ($this->_latestVersion === null || count($this->_updates) === 0) {
$this->_log->addError('Could not get latest version from server!');
Expand Down Expand Up @@ -901,8 +906,9 @@ public function update($simulateInstall = true, $deleteDownload = true)
*/
public function addTrailingSlash($dir)
{
if (substr($dir, -1) != DIRECTORY_SEPARATOR)
if (substr($dir, -1) != DIRECTORY_SEPARATOR) {
$dir = $dir . DIRECTORY_SEPARATOR;
}

return $dir;
}
Expand Down Expand Up @@ -936,5 +942,4 @@ public function runOnAllUpdateFinishCallbacks($updatedVersions)
call_user_func($callback, $updatedVersions);
}
}

}

0 comments on commit a9750d3

Please sign in to comment.