The interactions with a filesystem is a common attack vector. For example if used incorrectly the code might allow to write content provided to request at arbitrary location on filesystem.
It's pretty hard to protect all current and future places in code, where file functions are used, because:
- these are global functions (e.g. "file_get_contents", "fopen", etc.)
- there are 81 different functions, that work with filesystem (see http://php.net/manual/en/function.file-get-contents.php)
- no central place of filesystem access exists
The obvious solution would be to move all file-related operations into a dedicated new class (filesystem access layer) that will ensure that no harm can be done. Turns out, that there are already some libraries, that do this for us:
Strangely enough Symfony provided solution isn't the best of them.
Another side benefit of using filesystem abstraction layer is to define sub-layers (e.g. for uploaded files, for cached stuff) and then be able to individually move data in these layers. This might prove useful, when deploying In-Portal to the cloud.
- connect chosen Filesystem abstraction layer to In-Portal
- locate all places, where filesystem is accessed (read/write/etc.)
- use Filesystem adapter to do all the work