Directory traversal checks one directory above and hits open_basedir limits
Hello,
We have noticed an issue with the plugin: in some cases it accesses one directory above, which hits open_basedir limits on some hosts, for example WPX Hosting.
For example, on line 223 of /home/XXX/public_html/wp-content/plugins/my-simple-space/my-simple-space.php:
// Sum the size of every entry the iterator returns under $path.
foreach( new \RecursiveIteratorIterator( new \RecursiveDirectoryIterator( $path, \FilesystemIterator::FOLLOW_SYMLINKS ) ) as $file ) {
    $total_size += $file->getSize();
}
doesn’t work and returns errors related to open_basedir limits.
A quick fix might be to check whether the specific $file variable is “..”:
foreach( new \RecursiveIteratorIterator( new \RecursiveDirectoryIterator( $path, \FilesystemIterator::FOLLOW_SYMLINKS ) ) as $file ) {
    // Skip the parent-directory entry.
    if( basename( $file ) !== ".." ) {
        $total_size += $file->getSize();
    }
}
This should be a simple check which will result in full support on all hosts using the open_basedir security feature.
Thanks.
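The errors described in the post come from the iterator yielding the ".." entry, whose getSize() call stats the parent of $path. The following is an added example, not part of the original post or the plugin's code: it uses PHP's FilesystemIterator::SKIP_DOTS flag so dot entries are never produced, and goes a step further by tolerating entries that cannot be read. The function name directory_size() is hypothetical and the temp-directory demo is constructed.

```php
<?php
// Added example, not the plugin's code. directory_size() is a hypothetical name.
// Returns array( total bytes, number of entries that could not be read ).
function directory_size( string $path ): array {
    $total   = 0;
    $skipped = 0;
    try {
        $dir = new \RecursiveDirectoryIterator(
            $path,
            // SKIP_DOTS drops "." and "..", so the parent of $path is never stat()-ed.
            \FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS
        );
    } catch ( \UnexpectedValueException $e ) {
        // $path itself cannot be opened.
        return array( 0, 1 );
    }
    $files = new \RecursiveIteratorIterator(
        $dir,
        \RecursiveIteratorIterator::LEAVES_ONLY,
        // Skip subdirectories that cannot be opened instead of aborting the walk.
        \RecursiveIteratorIterator::CATCH_GET_CHILD
    );
    foreach ( $files as $file ) {
        try {
            $total += $file->getSize();
        } catch ( \RuntimeException $e ) {
            // e.g. a followed symlink whose target is missing or cannot be stat()-ed.
            $skipped++;
        }
    }
    return array( $total, $skipped );
}

// Constructed demo: a temporary directory holding a 5-byte and a 7-byte file.
$base = sys_get_temp_dir() . '/size-demo-' . uniqid();
mkdir( $base . '/sub', 0700, true );
file_put_contents( $base . '/a.txt', 'hello' );
file_put_contents( $base . '/sub/b.txt', 'goodbye' );

list( $bytes, $skipped ) = directory_size( $base );
printf( "%d bytes, %d unreadable entries\n", $bytes, $skipped );

// Remove the demo files again.
unlink( $base . '/sub/b.txt' );
unlink( $base . '/a.txt' );
rmdir( $base . '/sub' );
rmdir( $base );
```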
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘Directory traversal checks one directory above and hits open_basedir limits’ is closed to new replies.