From 29f5d24082e8bd7bdfed5d9c118922779dfff141 Mon Sep 17 00:00:00 2001
From: messju
Date: Sat, 9 Aug 2003 08:08:39 +0000
Subject: [PATCH] tightenend path checking in smarty_core_is_secure()
---
 libs/core/core.is_secure.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libs/core/core.is_secure.php b/libs/core/core.is_secure.php
index 5e8803f3..ad74f41f 100644
--- a/libs/core/core.is_secure.php
+++ b/libs/core/core.is_secure.php
@@ -23,10 +23,13 @@ function smarty_core_is_secure($params, &$smarty)
 $_smarty_secure = false;
 if ($params['resource_type'] == 'file') {
+ $_rp = realpath($params['resource_name']);
 if (!empty($smarty->secure_dir)) {
 foreach ((array)$smarty->secure_dir as $curr_dir) {
 if ( !empty($curr_dir) && is_readable ($curr_dir)) {
- if (substr(realpath($params['resource_name']),0, strlen(realpath($curr_dir))) == realpath($curr_dir)) {
+ $_cd = realpath($curr_dir);
+ if (strncmp($_rp, $_cd, strlen($_cd)) == 0
+ && $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
 $_smarty_secure = true;
 break;
 }
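Review bot: The tightened comparison has no guard for `realpath()` returning `false`. If `realpath($curr_dir)` fails for an entry that still passes `is_readable()` (platform- and permission-dependent, so this is inferred rather than shown here), `$_cd` is `false`, `strlen($_cd)` is 0, `strncmp()` compares zero bytes and returns 0, and `$_rp{0}` is `DIRECTORY_SEPARATOR` for any absolute Unix path, so the check would fail open. Add explicit tests to the condition: `if ($_rp !== false && $_cd !== false && strncmp($_rp, $_cd, strlen($_cd)) == 0`. Separately, a `secure_dir` whose real path already ends in a separator (a filesystem root) can never match, because `$_rp{strlen($_cd)}` then reads the character after that separator. The body of smarty_core_is_secure() starts and ends outside the hunk.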