Merge pull request #686 from rezasys2/master
Fix path traversal on Laravel 10
shalvah authored Jun 30, 2023
2 parents ff729f6 + 8ea1365 commit 75fe8a5
Showing 1 changed file with 6 additions and 7 deletions.
13 changes: 6 additions & 7 deletions src/Writing/Writer.php
Expand Up @@ -161,7 +161,7 @@ protected function performFinalTasksForLaravelType(): void
if (!is_dir($this->laravelTypeOutputPath)) {
mkdir($this->laravelTypeOutputPath, 0777, true);
}
$publicDirectory = app()->get('path.public');
$publicDirectory = public_path();
if (!is_dir($publicDirectory . $this->laravelAssetsPath)) {
mkdir($publicDirectory . $this->laravelAssetsPath, 0777, true);
}
Expand All @@ -180,8 +180,8 @@ protected function performFinalTasksForLaravelType(): void
// Rewrite asset links to go through Laravel
$contents = preg_replace('#href="\.\./docs/css/(.+?)"#', 'href="{{ asset("' . $this->laravelAssetsPath . '/css/$1") }}"', $contents);
$contents = preg_replace('#src="\.\./docs/(js|images)/(.+?)"#', 'src="{{ asset("' . $this->laravelAssetsPath . '/$1/$2") }}"', $contents);
$contents = str_replace('href="../docs/collection.json"', 'href="{{ route("'.$this->docsName.'.postman") }}"', $contents);
$contents = str_replace('href="../docs/openapi.yaml"', 'href="{{ route("'.$this->docsName.'.openapi") }}"', $contents);
$contents = str_replace('href="../docs/collection.json"', 'href="{{ route("' . $this->docsName . '.postman") }}"', $contents);
$contents = str_replace('href="../docs/openapi.yaml"', 'href="{{ route("' . $this->docsName . '.openapi") }}"', $contents);

file_put_contents("$this->laravelTypeOutputPath/index.blade.php", $contents);
}
Expand All @@ -206,9 +206,9 @@ public function writeHtmlDocs(array $groupedEndpoints): void
$assetsOutputPath = $outputPath;
} else {
$outputPath = rtrim($this->laravelTypeOutputPath, '/') . '/';
c::success("Wrote Blade docs to: ". $this->makePathFriendly($outputPath));
c::success("Wrote Blade docs to: " . $this->makePathFriendly($outputPath));
$this->generatedFiles['blade'] = realpath("{$outputPath}index.blade.php");
$assetsOutputPath = app()->get('path.public') . $this->laravelAssetsPath . '/';
$assetsOutputPath = public_path() . $this->laravelAssetsPath . '/';
c::success("Wrote Laravel assets to: " . $this->makePathFriendly($assetsOutputPath));
}
$this->generatedFiles['assets']['js'] = realpath("{$assetsOutputPath}js");
Expand All @@ -228,7 +228,7 @@ protected function getLaravelTypeOutputPath(): ?string
{
if ($this->isStatic) return null;

return config('view.paths.0', function_exists('base_path') ? base_path("resources/views") : "resources/views")."/$this->docsName";
return config('view.paths.0', function_exists('base_path') ? base_path("resources/views") : "resources/views") . "/$this->docsName";
}

/**
Expand All @@ -241,5 +241,4 @@ protected function makePathFriendly(string $path): string
{
return str_replace("\\", "/", str_replace(getcwd() . DIRECTORY_SEPARATOR, "", $path));
}

}
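Review bot: Both `mkdir(..., 0777, true)` calls in the first hunk of `performFinalTasksForLaravelType()` request world-writable directories, one of them under the public web root, and neither return value is checked. The effective mode depends on the process umask, but the generated docs only need to be readable by the web server, so for each directory I would use `if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) { throw new \RuntimeException("Cannot create $dir"); }`. The title says "path traversal", but the visible change looks like public-path resolution for Laravel 10 rather than a fix for that vulnerability class; no path is validated or constrained in these hunks, which is worth stating in the description so the commit is not triaged as a security fix. The function starts and ends outside the hunk.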
