
Fixed an issue with Filehelper and not accessible directories

which resulted in endless loop

http://www.yiiframework.com/forum/index.php/topic/50982-cfilehelper-bug-security-flaw/
tags/2.0.0-beta
Carsten Brandt 11 years ago
parent
commit
f9dee9c951
  1. 1
      framework/CHANGELOG.md
  2. 6
      framework/helpers/BaseFileHelper.php

1
framework/CHANGELOG.md

@ -45,6 +45,7 @@ Yii Framework 2 Change Log
- Bug: Fixed the issue that query cache returns the same data for the same SQL but different query methods (qiangxue)
- Bug: Fixed URL parsing so it's now properly giving 404 for URLs like `http://example.com//////site/about` (samdark)
- Bug: Fixed `HelpController::getModuleCommands` issue where it attempts to scan a module's controller directory when it doesn't exist (jom)
- Bug: Fixed an issue with Filehelper and not accessable directories which resulted in endless loop (cebe)
- Enh #46: Added Image extension based on [Imagine library](http://imagine.readthedocs.org) (tonydspaniard)
- Enh #364: Improve Inflector::slug with `intl` transliteration. Improved transliteration char map. (tonydspaniard)
- Enh #797: Added support for validating multiple columns by `UniqueValidator` and `ExistValidator` (qiangxue)
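Review bot: the new changelog line credited to cebe misspells "accessible" as "accessable" and writes the class name as "Filehelper", while the file touched by this commit is `BaseFileHelper.php`. Suggest "Fixed an issue with `FileHelper` and inaccessible directories which resulted in an endless loop", and since this entry has no issue number, a reference to the forum topic named in the commit message would let readers trace the report.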

6
framework/helpers/BaseFileHelper.php

@ -185,6 +185,9 @@ class BaseFileHelper
}
$handle = opendir($src);
if ($handle === false) {
throw new InvalidParamException('Unable to open directory: ' . $src);
}
while (($file = readdir($handle)) !== false) {
if ($file === '.' || $file === '..') {
continue;
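Review bot: the exception type in the new `if ($handle === false)` branch reads as a caller error, but `opendir($src)` also returns false for a path that is perfectly valid and merely unreadable by the PHP process, which is the case the commit message describes. Consider an exception type that signals a runtime or environment failure, or at least add an `@throws InvalidParamException` tag to the method so callers know a permission problem surfaces this way. Also note that `opendir()` raises an E_WARNING before returning false, so where warnings are converted to exceptions by an error handler this branch is never reached and the caller sees a different exception class.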
@ -293,6 +296,9 @@ class BaseFileHelper
}
$list = [];
$handle = opendir($dir);
if ($handle === false) {
throw new InvalidParamException('Unable to open directory: ' . $dir);
}
while (($file = readdir($handle)) !== false) {
if ($file === '.' || $file === '..') {
continue;
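Review bot: the message built in this branch, `'Unable to open directory: ' . $dir`, embeds the full server-side path, so any code that shows exception messages to end users will disclose filesystem layout; keep the path for logs but make sure callers do not echo it to clients. This is also the second verbatim copy of the same three-line check in this file (the first uses `$src`), so a small private helper that opens the directory and throws on failure would keep the two call sites consistent if the message or exception type changes later.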
