From: Fabien Potencier
Date: Tue, 14 Dec 2010 13:36:45 +0000 (+0100)
Subject: fixed security check in filesystem loader
X-Git-Url: http://git.silmor.de/gitweb/?a=commitdiff_plain;h=efdcb8c6f4b941b523ba846061cec2affbad871c;p=web%2Fkonrad%2Ftwig.git
fixed security check in filesystem loader
---
diff --git a/lib/Twig/Loader/Filesystem.php b/lib/Twig/Loader/Filesystem.php
index e733da4..7fb2b7d 100644
--- a/lib/Twig/Loader/Filesystem.php
+++ b/lib/Twig/Loader/Filesystem.php
@@ -104,12 +104,18 @@ class Twig_Loader_Filesystem implements Twig_LoaderInterface
 // normalize name
 $name = str_replace('\\', '/', $name);
- // remove ./
- $name = preg_replace('#(^|/)\./(\./)*#', '$1', $name);
+ $parts = explode('/', $name);
+ $level = 0;
+ foreach ($parts as $part) {
+ if ('..' === $part) {
+ --$level;
+ } elseif ('.' !== $part) {
+ ++$level;
+ }
- // security check (a name cannot start with ../)
- if ('..' === substr($name, 0, 2)) {
- throw new Twig_Error_Loader('Looks like you try to load a template outside configured directories.');
+ if ($level < 0) {
+ throw new Twig_Error_Loader('Looks like you try to load a template outside configured directories.');
+ }
 }
 if (isset($this->cache[$name])) {
diff --git a/test/Twig/Tests/Loader/Filesystem.php b/test/Twig/Tests/Loader/FilesystemTest.php
similarity index 95%
rename from test/Twig/Tests/Loader/Filesystem.php
rename to test/Twig/Tests/Loader/FilesystemTest.php
index caf0d68..a539686 100644
--- a/test/Twig/Tests/Loader/Filesystem.php
+++ b/test/Twig/Tests/Loader/FilesystemTest.php
@@ -34,6 +34,7 @@ class Twig_Tests_Loader_FilesystemTest extends PHPUnit_Framework_TestCase
 array('foo\\..\\..\\AutoloaderTest.php'),
 array('foo/../bar/../../AutoloaderTest.php'),
 array('foo/bar/../../../AutoloaderTest.php'),
+ array('filters/../../AutoloaderTest.php'),
 );
 }
 }
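Review bot: The depth counter in the new foreach treats an empty segment as a real directory step: `explode('/', $name)` yields `''` for a leading, doubled or trailing slash, and the `elseif ('.' !== $part)` branch increments `$level` for it, so a following `..` can cancel a level that was never actually descended into. Empty parts should be ignored the same way `.` is, `} elseif ('' !== $part && '.' !== $part) {`, and the new test list would benefit from a case with an empty segment to pin that down. With the `./` normalization removed, `$name` now keeps its dot segments when used as the cache key on the last context line (and presumably in the path lookup that follows); that is consistent on both sides, but a comment such as `// name is intentionally left un-normalized; dot segments are only counted here` would make the intent explicit. The enclosing method starts and ends outside the hunk.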