WordPress.org
Get WordPress

Plugin Directory

Changeset 3406649


Ignore:
Timestamp:
12/01/2025 10:00:53 AM (4 months ago)
Author:
sverde1
Message:

Fixed issues with phpcs and updated open_basedir safe check

Location:
dashboard-available-disk-space
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • dashboard-available-disk-space/tags/1.1.1/class-dashboard-available-disk-space.php

    r3406593 r3406649  
    2424    public function __construct() {
    2525        // Register installer function.
    26         register_activation_hook( __FILE__, array( $this, 'activate_dads' ) );
     26        register_activation_hook( DADS_LOADER, array( $this, 'activate_dads' ) );
    2727
    2828        add_filter( 'plugin_row_meta', array( $this, 'add_plugin_links' ), 10, 2 );
     
    160160
    161161        // Check that the dir we are checking is available.
    162         if ( ! is_dir( $dir ) ) {
     162        if ( ! is_dir( $dir ) || ! $this->is_path_allowed_for_disk_stats( $dir ) ) {
    163163            return false;
    164164        }
    165165
    166         $disk_free_space  = disk_free_space( $dir );
    167         $disk_total_space = disk_total_space( $dir );
     166        $disk_free_space  = function_exists( 'disk_free_space' ) ? disk_free_space( $dir ) : false;
     167        $disk_total_space = function_exists( 'disk_total_space' ) ? disk_total_space( $dir ) : false;
    168168
    169169        // Check if disk info is available.
     
    188188
    189189    /**
     190     * Ensure disk stat calls are allowed within open_basedir restrictions.
     191     *
     192     * @param string $dir Directory path being checked.
     193     * @return bool True if path is allowed, false otherwise.
     194     */
     195    private function is_path_allowed_for_disk_stats( $dir ) {
     196        $open_basedir = ini_get( 'open_basedir' );
     197        if ( '' === $open_basedir ) {
     198            return true;
     199        }
     200
     201        $allowed = array_filter( array_map( 'trim', explode( PATH_SEPARATOR, $open_basedir ) ) );
     202        foreach ( $allowed as $path ) {
     203            if ( '' !== $path && 0 === strpos( $dir, $path ) ) {
     204                return true;
     205            }
     206        }
     207
     208        return false;
     209    }
     210
     211    /**
    190212     * Pick a bar color based on usage percentage.
    191213     *

  • dashboard-available-disk-space/tags/1.1.1/readme.txt

    r3406593 r3406649  
    9595* Moved dashboard widget styles into a dedicated `style.css` file and enqueue it on the Dashboard for easier maintenance.
    9696* Improved PHPCS compatibility across the plugin files.
     97* Added open_basedir-safe checks before reading disk stats.

  • dashboard-available-disk-space/trunk/class-dashboard-available-disk-space.php

    r3406592 r3406649  
    2424    public function __construct() {
    2525        // Register installer function.
    26         register_activation_hook( __FILE__, array( $this, 'activate_dads' ) );
     26        register_activation_hook( DADS_LOADER, array( $this, 'activate_dads' ) );
    2727
    2828        add_filter( 'plugin_row_meta', array( $this, 'add_plugin_links' ), 10, 2 );
     
    160160
    161161        // Check that the dir we are checking is available.
    162         if ( ! is_dir( $dir ) ) {
     162        if ( ! is_dir( $dir ) || ! $this->is_path_allowed_for_disk_stats( $dir ) ) {
    163163            return false;
    164164        }
    165165
    166         $disk_free_space  = disk_free_space( $dir );
    167         $disk_total_space = disk_total_space( $dir );
     166        $disk_free_space  = function_exists( 'disk_free_space' ) ? disk_free_space( $dir ) : false;
     167        $disk_total_space = function_exists( 'disk_total_space' ) ? disk_total_space( $dir ) : false;
    168168
    169169        // Check if disk info is available.
     
    188188
    189189    /**
     190     * Ensure disk stat calls are allowed within open_basedir restrictions.
     191     *
     192     * @param string $dir Directory path being checked.
     193     * @return bool True if path is allowed, false otherwise.
     194     */
     195    private function is_path_allowed_for_disk_stats( $dir ) {
     196        $open_basedir = ini_get( 'open_basedir' );
     197        if ( '' === $open_basedir ) {
     198            return true;
     199        }
     200
     201        $allowed = array_filter( array_map( 'trim', explode( PATH_SEPARATOR, $open_basedir ) ) );
     202        foreach ( $allowed as $path ) {
     203            if ( '' !== $path && 0 === strpos( $dir, $path ) ) {
     204                return true;
     205            }
     206        }
     207
     208        return false;
     209    }
     210
     211    /**
    190212     * Pick a bar color based on usage percentage.
    191213     *

  • dashboard-available-disk-space/trunk/readme.txt

    r3406592 r3406649  
    9595* Moved dashboard widget styles into a dedicated `style.css` file and enqueue it on the Dashboard for easier maintenance.
    9696* Improved PHPCS compatibility across the plugin files.
     97* Added open_basedir-safe checks before reading disk stats.
Note: See TracChangeset for help on using the changeset viewer.