From 48ac60e08233051cc35fe21a7eb98594a4485438 Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Tue, 14 Dec 2010 11:36:59 +0100
Subject: [PATCH] fixed filesystem loader compatibility with PHAR files
---
 CHANGELOG | 1 +
 lib/Twig/Loader/Filesystem.php | 26 ++++++++++++++------------
 2 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index f8ed2c8..dda3a2f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -15,6 +15,7 @@ Backward incompatibilities:
 Changes:
+ * fixed filesystem loader compatibility with PHAR files
 * enhanced error messages when an unexpected token is parsed in an expression
 * fixed filename not being added to syntax error messages
 * added the autoescape option to enable/disable autoescaping
diff --git a/lib/Twig/Loader/Filesystem.php b/lib/Twig/Loader/Filesystem.php
index 91d8844..e733da4 100644
--- a/lib/Twig/Loader/Filesystem.php
+++ b/lib/Twig/Loader/Filesystem.php
@@ -60,7 +60,7 @@ class Twig_Loader_Filesystem implements Twig_LoaderInterface
 throw new Twig_Error_Loader(sprintf('The "%s" directory does not exist.', $path));
 }
- $this->paths[] = realpath($path);
+ $this->paths[] = $path;
 }
 }
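Review bot: Storing `$path` exactly as given means a relative template directory is now resolved against whatever the working directory is at each later `file_exists()` call rather than once at configuration time, and the file paths the loader hands back are no longer canonical. If PHAR support is the only reason for dropping realpath() (presumably because it returns false for `phar://` paths), keeping it where it succeeds would preserve the old behaviour for ordinary directories: `$this->paths[] = false !== ($real = realpath($path)) ? $real : $path;`. At minimum a comment such as `// not canonicalized: realpath() cannot resolve phar:// paths` would make the omission read as deliberate. The enclosing method starts above this hunk, so whether callers depend on canonical paths cannot be confirmed from here.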
@@ -101,23 +101,25 @@ class Twig_Loader_Filesystem implements Twig_LoaderInterface
 protected function findTemplate($name)
 {
+ // normalize name
+ $name = str_replace('\\', '/', $name);
+
+ // remove ./
+ $name = preg_replace('#(^|/)\./(\./)*#', '$1', $name);
+
+ // security check (a name cannot start with ../)
+ if ('..' === substr($name, 0, 2)) {
+ throw new Twig_Error_Loader('Looks like you try to load a template outside configured directories.');
+ }
+
 if (isset($this->cache[$name])) {
 return $this->cache[$name];
 }
 foreach ($this->paths as $path) {
- if (!file_exists($path.DIRECTORY_SEPARATOR.$name) || is_dir($path.DIRECTORY_SEPARATOR.$name)) {
- continue;
+ if (file_exists($path.DIRECTORY_SEPARATOR.$name) && !is_dir($path.DIRECTORY_SEPARATOR.$name)) {
+ return $this->cache[$name] = $path.DIRECTORY_SEPARATOR.$name;
 }
-
- $file = realpath($path.DIRECTORY_SEPARATOR.$name);
-
- // simple security check
- if (0 !== strpos($file, $path)) {
- throw new Twig_Error_Loader('Looks like you try to load a template outside configured directories.');
- }
-
- return $this->cache[$name] = $file;
 }
 throw new Twig_Error_Loader(sprintf('Unable to find template "%s" (looked into: %s).', $name, implode(', ', $this->paths)));
--
1.7.2.5
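Review bot: The new security check in findTemplate() only rejects a name whose first two characters are `..`, so a parent-directory segment that comes after a leading slash or directory component still passes and is concatenated onto `$path`. Because the realpath() prefix comparison is removed in the same hunk, nothing else keeps the resolved file inside the configured directories, and the `./` stripping above it does not collapse such segments either. I would replace the `substr()` test with a walk over the `/`-separated segments that throws as soon as the running depth drops below zero, skipping empty and `.` segments so repeated slashes cannot mask a climb. This is a string-level check only, so symlinks inside a template directory are no longer constrained the way the old realpath() comparison constrained them; that trade-off deserves a comment.

```php
// … unchanged: backslash normalization and ./ removal …

// security check: no prefix of the name may climb above the template root
$level = 0;
foreach (explode('/', $name) as $part) {
    if ('' === $part || '.' === $part) {
        continue;
    }

    if ('..' === $part) {
        --$level;
    } else {
        ++$level;
    }

    if ($level < 0) {
        throw new Twig_Error_Loader('Looks like you try to load a template outside configured directories.');
    }
}

// … unchanged: cache lookup and loop over $this->paths …
```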