From fb23bddeb21281f3650ecfa2fe6ea67869587d2c Mon Sep 17 00:00:00 2001
From: Eric Espie
Date: Thu, 27 Jul 2023 12:06:14 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B06061=20-=20allow=20local=20path=20from?= =?UTF-8?q?=20an=20arbitrary=20path?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/utils.inc.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/application/utils.inc.php b/application/utils.inc.php
index a2b30f8e7..d8b2c47f7 100644
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -2651,20 +2651,21 @@ SQL;
 * Dir separator is changed to '/' for consistency among the different OS
 *
 * @param string $sAbsolutePath absolute path
+ * @param string $sBasePath
 *
 * @return false|string
 */
- final public static function LocalPath($sAbsolutePath)
+ final public static function LocalPath(string $sAbsolutePath, string $sBasePath = APPROOT)
 {
- $sRootPath = realpath(APPROOT);
+ $sRootPath = realpath($sBasePath);
 $sFullPath = realpath($sAbsolutePath);
 if (($sFullPath === false) || !self::StartsWith($sFullPath, $sRootPath))
 {
 return false;
 }
 $sLocalPath = substr($sFullPath, strlen($sRootPath.DIRECTORY_SEPARATOR));
- $sLocalPath = str_replace(DIRECTORY_SEPARATOR, '/', $sLocalPath);
- return $sLocalPath;
+
+ return str_replace(DIRECTORY_SEPARATOR, '/', $sLocalPath);
 }
 
 /**
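Review bot: `realpath($sBasePath)` is never checked for `false`, and with a caller-supplied base that case is now reachable: `$sRootPath` would then be `false` going into `self::StartsWith()` and `strlen($sRootPath.DIRECTORY_SEPARATOR)`, so the result may be a path with its first character cut off rather than `false`. The containment test also looks like a bare prefix comparison (assuming `StartsWith` is a plain string-prefix helper; it is not shown in this hunk), so with a constructed example base `/data/app` a sibling such as `/data/app-old/x` would be accepted, because the separator is only added in the `substr()` length and not in the check. I would tighten the guard to `if (($sRootPath === false) || ($sFullPath === false) || !self::StartsWith($sFullPath, $sRootPath.DIRECTORY_SEPARATOR))`, noting that this returns `false` when the path is the base directory itself. The new `@param string $sBasePath` line also needs a description, e.g. `directory the returned path is made relative to; anything resolving outside it yields false`.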