I'm trying to get a public folder path in shopware 6 in order to create a directory inside using the filesystem. Does anyone have an idea about it?
You could have a look at the service
shopware.filesystem.public which is defined in
vendor/shopware/core/Framework/DependencyInjection/filesystem.xml as
<service class="League\Flysystem\FilesystemInterface" id="shopware.filesystem.public" public="true">
<factory service="Shopware\Core\Framework\Adapter\Filesystem\FilesystemFactory" method="factory"/>
<argument>%shopware.filesystem.public%</argument>
</service>
When you inject this service, you can call
$publicFileSystem->createDir('folder')
to create your folder.
That does not exactly answer the question on how to get the path - but you usually don't need that, as you woult not interact directly with the filesystem, but via Flysystem classes instead.
If you really need the path, you could try something like
$publicFileSystem->getMetaData('.')['path']
This is untested by me and as written before, you might just not need the path. Also keep in mind, that the underlying filesystem might not even be a local storage.
Maybe not exactly bulletproof, but most of the time you can also use getcwd();
https://www.php.net/manual/en/function.getcwd.php
I mostly use it for writing debug-files like error_log(print_r($data, true)."\n", 3, getcwd().'/error.log');
Related
TLDR
I need to get paths to system directories like "Screenshots":
On an English system. I can just use this one:
C:/Users/User/Pictures/Screenshots
How do I get the path to "Screenshots" directory on a non-English system?
C:/Users/User/Pictures/[NAME]
Description
I have a file manager app, it displays system directories and loads them on click.
The app can run system commands via Powershell and use Node.js (preferred)
Problem
The problem is, it only works if the system has English system language.
Currently, to resolve the "Screenshots" directory path, the app simply joins the User directory with the word "Screenshots"
const pictures = electronRemote.app.getPath('pictures')
const screenshots = PATH.join(pictures, 'Screenshots')
link to the line in code
Expectedly, the C:/Users/User/Screenshots path only exists on English systems.
One way to solve this is to use short names, at least on Windows, I know that system directories have short names like SCREEN~1 and WALLPA~1 for Screenshots and Wallpapers directories, but if I use these names the paths will look like this:
C:/Users/User/SCREEN~1 instead of C:/Users/User/Screenshots throughout the app.
And even if I were to run these paths through a function to convert it to readable name, how would I know which word to replace it with? I need to get the name in the system's language.
Are these translations stored somewhere on the system? Can I just retrieve the translated directory name and use that in the code above?
Question
How do I make it to get / resolve the actual path of system directories like Screenshots and Wallpapers, independently of system locale?
If you know how to do it, could you please suggest the solution for all platforms (Win, Mac, Linux)?
Should I just use the short names like SCREEN~1 and then automatically replace all the occurrences in UI and also filter all paths through a function that replaces this short name with the actual path throughout the whole app? Seems like a lot of work, this approach
Is there a way to construct a filepath that links to the Documents folder of the active user. So instead of C:\Users\User\Documents\ something like C:\Active_User\Documents\
ps. I try to make use of this in KNIME.
The file chooser elements in KNIME understand a URL in the form of "knime://knime.workflow" which accesses the current workflow location regardless of higher directory path.
You could also use a Java Variable Edit to get the username in Java, which you use to create a string that can be used by the File Reader (or other node) as a flow variable.
It depends on what you're trying to achieve.
You can use
C:\Users\%USERNAME%\Documents
which will use the environment variable %USERNAME% (= current user).
In C#/.NET you can use Environment.SpecialFolder.MyDocuments like this:
Console.WriteLine("GetFolderPath: {0}",
Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments));
In Java System.getProperty("user.home"); should give you the right base diretory to start with.
So I'm fairly new to UNIX (This might be basic but I couldn't find a good answer) and I'm trying to run some code I got from the web. In the README it says:
"If you put these 3rd-party packages in a pathUtils folder in the same base
folder as the shadowDetection, they should be picked up automatically by
setPath. "
Does this mean I need to create a pathUtils folder in the same directory as shadowDetection? So it would look like:
/path/shadowDetection
/path/pathUtils
or would it look like
/path/shadowDetection/pathUtils
Your help and understanding is greatly appreciated.
This ReadMe you're referencing (from https://github.com/jflalonde/shadowDetection) is unclear, since it's not clear whether "shadowDetection" refers to the shadowDetection folder, or the shadowDetection software. If it's the former, then your first example (pathUtils alongside shadowDetection folder) would make sense; if it's the latter, then your second example (pathUtils inside shadowDetection folder) would apply.
My guess is that the author means parallels so I'd try it your first way first, but since it's ambiguously worded, try it the other way if it doesn't work. Once you figure it out, email the author and suggest he clarify his ReadMe.
I have a Java Web App running on Tomcat on which I'm supposed to exploit Path traversal vulnerability. There is a section (in the App) at which I can upload a .zip file, which gets extracted in the server's /tmp directory. The content of the .zip file is not being checked, so basically I could put anything in it. I tried putting a .jsp file in it and it extracts perfectly. My problem is that I don't know how to reach this file as a "normal" user from browser. I tried entering ../../../tmp/somepage.jsp in the address bar, but Tomcat just strips the ../ and gives me http://localhost:8080/tmp/ resource not available.
Ideal would be if I could somehow encode ../ in the path of somepage.jsp so that it gets extracted in the web riot directory of the Web App. Is this possible? Are there maybe any escape sequences that would translate to ../ after extracting?
Any ideas would be highly appreciated.
Note: This is a school project in a Security course where I'm supposed to locate vulnerabilities and correct them. Not trying to harm anyone...
Sorry about the downvotes. Security is very important, and should be taught.
Do you pass in the file name to be used?
The check that the server does is probably something something like If location starts with "/tmp" then allow it. So what you want to do is pass `/tmp/../home/webapp/"?
Another idea would be to see if you could craft a zip file that would result in the contents being moved up - like if you set "../" in the filename inside the zip, what would happen? You might need to manually modify things if your zip tools don't allow it.
To protect against this kind of vulnerability you are looking for something like this:
String somedirectory = "c:/fixed_directory/";
String file = request.getParameter("file");
if(file.indexOf(".")>-1)
{
//if it contains a ., disallow
out.print("stop trying to hack");
return;
}
else
{
//load specified file and print to screen
loadfile(somedirectory+file+".txt");
///.....
}
If you just were to pass the variable "file" to your loadfile function without checking, then someone could make a link to load any file they want. See https://www.owasp.org/index.php/Path_Traversal
I recently coded something where it wasn't known if the end code would reside in a subdomain (http://user.domain.com/) or in a subdomain (http://domain.com/user), and I was lost as to the best practice for these unknown scenarios. I could thinks of a couple:
Use absolute paths (/css/styles.css) and modrewrite if it ends up being /user
Have a settings file and declare a variable with the path (<? php echo $domain . "/css/styles" ?>)
Use relative paths (../css/styles.css).
What is the best way to handle this?
If there is any question about where something might be deployed, I would avoid absolute paths whenever possible, and if you must use them, make sure to construct them using the data in the $_SERVER superglobal. The value $_SERVER['PHP_SELF'] will contain the path and filename to the currently executing script, and you can then extract the path using something like:
$path = dirname($_SERVER['PHP_SELF']);
Likewise, the value $_SERVER['HTTP_HOST'] will contain the current host, and from those two together you can build the path to wherever you are. If you're using HTTPS you may also need to check the protocol in $_SERVER['HTTPS'].
With that said, it is still best to use relative paths and a simple file and directory structure whenever possible, since it makes everything more portable and easier to read. If, as in your example, you find yourself doing a lot of ../css/styles.css then you may want to reconsider how things are structured.
Mix of 2 and 3. Use paths relative to a set variable.