- bugfix regarding Security Vulnerability did not solve the problem under Linux

Uwe Tews
2018-04-26 21:38:08 +02:00
parent 2e081a51b1
commit c9dbe1d08c


@@ -639,6 +639,7 @@ class Smarty_Security
{ {
$directory = dirname($this->smarty->_realpath($filepath, true)) . DIRECTORY_SEPARATOR; $directory = dirname($this->smarty->_realpath($filepath, true)) . DIRECTORY_SEPARATOR;
$_directory = array(); $_directory = array();
if (!preg_match('#[\\\\/][.][.][\\\\/]#',$directory)) {
while (true) { while (true) {
// test if the directory is trusted // test if the directory is trusted
if (isset($dirs[ $directory ])) { if (isset($dirs[ $directory ])) {
@@ -647,7 +648,7 @@ class Smarty_Security
// abort if we've reached root // abort if we've reached root
if (!preg_match('#[\\\\/][^\\\\/]+[\\\\/]$#', $directory)) { if (!preg_match('#[\\\\/][^\\\\/]+[\\\\/]$#', $directory)) {
// give up // give up
throw new SmartyException(sprintf('Smarty Security: not trusted file path \'%s\' ',$filepath)); break;
} }
// remember the directory to add it to _resource_dir in case we're successful // remember the directory to add it to _resource_dir in case we're successful
$_directory[ $directory ] = true; $_directory[ $directory ] = true;
@@ -655,6 +656,9 @@ class Smarty_Security
$directory = preg_replace('#[\\\\/][^\\\\/]+[\\\\/]$#', DIRECTORY_SEPARATOR, $directory); $directory = preg_replace('#[\\\\/][^\\\\/]+[\\\\/]$#', DIRECTORY_SEPARATOR, $directory);
} }
} }
// give up
throw new SmartyException(sprintf('Smarty Security: not trusted file path \'%s\' ',$filepath));
}
/** /**
* Loads security class and enables security * Loads security class and enables security