From 3d19a2eed53570776af313593aaeb5ad62cf4980 Mon Sep 17 00:00:00 2001
From: Rick Prent
Date: Fri, 8 Mar 2013 14:16:10 +0100
Subject: [PATCH] Fixed twig filesystemloader security issue + test (closes #1026)
---
 lib/Twig/Loader/Filesystem.php | 1 +
 test/Twig/Tests/Loader/FilesystemTest.php | 1 +
 2 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/lib/Twig/Loader/Filesystem.php b/lib/Twig/Loader/Filesystem.php
index faf27e3..84a5e03 100644
--- a/lib/Twig/Loader/Filesystem.php
+++ b/lib/Twig/Loader/Filesystem.php
@@ -203,6 +203,7 @@ class Twig_Loader_Filesystem implements Twig_LoaderInterface, Twig_ExistsLoaderI
 throw new Twig_Error_Loader('A template name cannot contain NUL bytes.');
 }
+ $name = ltrim($name, '/');
 $parts = explode('/', $name);
 $level = 0;
 foreach ($parts as $part) {
diff --git a/test/Twig/Tests/Loader/FilesystemTest.php b/test/Twig/Tests/Loader/FilesystemTest.php
index 9ea2d0e..798e994 100644
--- a/test/Twig/Tests/Loader/FilesystemTest.php
+++ b/test/Twig/Tests/Loader/FilesystemTest.php
@@ -47,6 +47,7 @@ class Twig_Tests_Loader_FilesystemTest extends PHPUnit_Framework_TestCase
 array('filters\\..\\..\\AutoloaderTest.php'),
 array('filters\\\\..\\\\..\\\\AutoloaderTest.php'),
 array('filters\\//../\\/\\..\\AutoloaderTest.php'),
+ array('/../AutoloaderTest.php'),
 );
 }
-- 
1.7.2.5
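Review bot: In lib/Twig/Loader/Filesystem.php the added `ltrim($name, '/')` removes only a leading empty segment, so an empty segment later in the name would still reach the `foreach` over `$parts`. The loop body is outside the hunk; if it counts every segment other than `.` and `..` as one level down, an interior empty segment would be miscounted the same way the leading one was, unless the caller has already collapsed repeated separators, which is not visible here. Dropping empty segments at the split, `$parts = array_filter(explode('/', $name), 'strlen');`, covers every position and would make the `ltrim` redundant. Whichever line is kept deserves a one-line comment saying that empty segments must not be counted as directory levels.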
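Review bot: In test/Twig/Tests/Loader/FilesystemTest.php the new provider row pins only the single-leading-slash spelling of the name. The visible rows above it exercise backslash and mixed-separator spellings of the same kind of name, so the regression deserves the same treatment: rows such as `array('//../AutoloaderTest.php'),` and `array('\\..\\AutoloaderTest.php'),` would show the check holds however the leading separator is written. The provider method and the test that consumes it start outside the hunk, so this assumes every row is expected to be rejected by the loader.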