MC-41488: Directory write update

hwyu@adobe.com · hwyu@adobe.com · commit dfb2e2aaf9a9 · 2021-04-15T12:50:30.000-05:00
- Added extra validation
diff --git a/lib/internal/Magento/Framework/Filesystem/Directory/DenyListPathValidator.php b/lib/internal/Magento/Framework/Filesystem/Directory/DenyListPathValidator.php
@@ -66,8 +66,8 @@ public function validate(
         }
 
         foreach ($this->fileDenyList as $file) {
-            $ext = pathinfo($fullPath, PATHINFO_EXTENSION);
-            if ($ext == $file) {
+            $baseName = pathinfo($fullPath, PATHINFO_BASENAME);
+            if (str_contains($baseName, $file) || preg_match('#' . "\." . $file . '#', $fullPath)) {
                 throw new ValidatorException(
                     new Phrase('"%1" is not a valid file path', [$path])
                 );
