fixed security check in filesystem loader
authorFabien Potencier <fabien.potencier@gmail.com>
Tue, 14 Dec 2010 13:36:45 +0000 (14:36 +0100)
committerFabien Potencier <fabien.potencier@gmail.com>
Tue, 14 Dec 2010 13:36:45 +0000 (14:36 +0100)
lib/Twig/Loader/Filesystem.php
test/Twig/Tests/Loader/FilesystemTest.php [moved from test/Twig/Tests/Loader/Filesystem.php with 95% similarity]

index e733da4..7fb2b7d 100644 (file)
@@ -104,12 +104,18 @@ class Twig_Loader_Filesystem implements Twig_LoaderInterface
         // normalize name
         $name = str_replace('\\', '/', $name);
 
-        // remove ./
-        $name = preg_replace('#(^|/)\./(\./)*#', '$1', $name);
+        $parts = explode('/', $name);
+        $level = 0;
+        foreach ($parts as $part) {
+            if ('..' === $part) {
+                --$level;
+            } elseif ('.' !== $part) {
+                ++$level;
+            }
 
-        // security check (a name cannot start with ../)
-        if ('..' === substr($name, 0, 2)) {
-            throw new Twig_Error_Loader('Looks like you try to load a template outside configured directories.');
+            if ($level < 0) {
+                throw new Twig_Error_Loader('Looks like you try to load a template outside configured directories.');
+            }
         }
 
         if (isset($this->cache[$name])) {
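Review bot: The `elseif ('.' !== $part)` branch also counts an empty segment as a directory level, so a name with a leading `/` or a doubled `//` gains a level before its `..` segment is seen and the `$level < 0` check is never reached for it (`'/../foo'` walks through levels 1, 0, 1 and passes). Skipping empty segments closes that gap: `} elseif ('' !== $part && '.' !== $part) {`. Separately, `$name` is no longer rewritten (the removed `preg_replace` used to strip `./`), so `./foo` and `foo` now reach `$this->cache[$name]` and the later lookup as distinct keys — presumably acceptable, but a short comment such as `// $name is only validated here, not normalized; the cache key keeps the caller's spelling` would make that explicit. The enclosing method begins before this hunk and continues after it, and the new data-provider case in the test hunk below does not exercise the empty-segment form.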
similarity index 95%
rename from test/Twig/Tests/Loader/Filesystem.php
rename to test/Twig/Tests/Loader/FilesystemTest.php
index caf0d68..a539686 100644 (file)
@@ -34,6 +34,7 @@ class Twig_Tests_Loader_FilesystemTest extends PHPUnit_Framework_TestCase
             array('foo\\..\\..\\AutoloaderTest.php'),
             array('foo/../bar/../../AutoloaderTest.php'),
             array('foo/bar/../../../AutoloaderTest.php'),
+            array('filters/../../AutoloaderTest.php'),
         );
     }
 }