From: Rick Prent
Date: Fri, 8 Mar 2013 13:16:10 +0000 (+0100)
Subject: Fixed twig filesystemloader security issue + test (closes #1026)
X-Git-Url: http://git.silmor.de/gitweb/?a=commitdiff_plain;h=3d19a2eed53570776af313593aaeb5ad62cf4980;p=konrad%2Ftwig.git
Fixed twig filesystemloader security issue + test (closes #1026)
---
diff --git a/lib/Twig/Loader/Filesystem.php b/lib/Twig/Loader/Filesystem.php
index faf27e3..84a5e03 100644
--- a/lib/Twig/Loader/Filesystem.php
+++ b/lib/Twig/Loader/Filesystem.php
@@ -203,6 +203,7 @@ class Twig_Loader_Filesystem implements Twig_LoaderInterface, Twig_ExistsLoaderI
 throw new Twig_Error_Loader('A template name cannot contain NUL bytes.');
 }
+ $name = ltrim($name, '/');
 $parts = explode('/', $name);
 $level = 0;
 foreach ($parts as $part) {
diff --git a/test/Twig/Tests/Loader/FilesystemTest.php b/test/Twig/Tests/Loader/FilesystemTest.php
index 9ea2d0e..798e994 100644
--- a/test/Twig/Tests/Loader/FilesystemTest.php
+++ b/test/Twig/Tests/Loader/FilesystemTest.php
@@ -47,6 +47,7 @@ class Twig_Tests_Loader_FilesystemTest extends PHPUnit_Framework_TestCase
 array('filters\\..\\..\\AutoloaderTest.php'),
 array('filters\\\\..\\\\..\\\\AutoloaderTest.php'),
 array('filters\\//../\\/\\..\\AutoloaderTest.php'),
+ array('/../AutoloaderTest.php'),
 );
 }
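Review bot: The added `$name = ltrim($name, '/');` in Filesystem.php removes only leading separators, so the depth check after it still relies on code outside this hunk to have collapsed empty segments elsewhere in the name. If an empty string from `explode('/', $name)` is counted as a directory level (the loop body is not visible here, so this is inferred from the fix), treating `''` like `'.'` at the top of the loop, e.g. `if ('' === $part || '.' === $part) { continue; }`, would address the cause rather than one position. The line also deserves a why-comment such as `// a leading '/' yields an empty first segment, which must not count as a directory level`. The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here whether the trimmed value or the original name is later used to open the file.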
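Review bot: The new data row `array('/../AutoloaderTest.php')` in FilesystemTest.php pins only a single leading forward slash, while the fix in Filesystem.php strips a whole run of them with `ltrim`. A row with several leading separators and one that begins with a backslash, next to the existing backslash variants, would keep the regression covered if the trimming is later rewritten. Whether backslashes are converted to `/` before validation is not visible in this diff, so the backslash row may need the expected outcome confirmed first. The provider method begins and ends outside the hunk.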