smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 10:24:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

- bugfix regarding Security Vulnerability did not solve the problem under Linux

Browse Source
This commit is contained in:
Uwe Tews
2018-04-26 21:38:08 +02:00
parent 2e081a51b1
commit c9dbe1d08c
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libs/sysplugins/smarty_security.php
View File

@@ -639,7 +639,8 @@ class Smarty_Security
{ {
$directory = dirname($this->smarty->_realpath($filepath, true)) . DIRECTORY_SEPARATOR; $directory = dirname($this->smarty->_realpath($filepath, true)) . DIRECTORY_SEPARATOR;
$_directory = array(); $_directory = array();
while (true) { if (!preg_match('#[\\\\/][.][.][\\\\/]#',$directory)) {
while (true) {
// test if the directory is trusted // test if the directory is trusted
if (isset($dirs[ $directory ])) { if (isset($dirs[ $directory ])) {
return $_directory; return $_directory;
@@ -647,13 +648,16 @@ class Smarty_Security
// abort if we've reached root // abort if we've reached root
if (!preg_match('#[\\\\/][^\\\\/]+[\\\\/]$#', $directory)) { if (!preg_match('#[\\\\/][^\\\\/]+[\\\\/]$#', $directory)) {
// give up // give up
throw new SmartyException(sprintf('Smarty Security: not trusted file path \'%s\' ',$filepath)); break;
} }
// remember the directory to add it to _resource_dir in case we're successful // remember the directory to add it to _resource_dir in case we're successful
$_directory[ $directory ] = true; $_directory[ $directory ] = true;
// bubble up one level // bubble up one level
$directory = preg_replace('#[\\\\/][^\\\\/]+[\\\\/]$#', DIRECTORY_SEPARATOR, $directory); $directory = preg_replace('#[\\\\/][^\\\\/]+[\\\\/]$#', DIRECTORY_SEPARATOR, $directory);
}
} }
// give up
throw new SmartyException(sprintf('Smarty Security: not trusted file path \'%s\' ',$filepath));
} }
/** /**