
Fixed twig filesystemloader security issue + test (closes #1026)

1 parent 481abb8 commit 3d19a2eed53570776af313593aaeb5ad62cf4980 Rick Prent committed with Mar 8, 2013
Showing with 2 additions and 0 deletions.
  1. +1 −0 lib/Twig/Loader/Filesystem.php
  2. +1 −0 test/Twig/Tests/Loader/FilesystemTest.php
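--- a/lib/Twig/Loader/Filesystem.php
+++ b/lib/Twig/Loader/Filesystem.php
@@ -203,6 +203,7 @@ protected function validateName($name)
 throw new Twig_Error_Loader('A template name cannot contain NUL bytes.');
 }
+$name = ltrim($name, '/');
 $parts = explode('/', $name);
 $level = 0;
 foreach ($parts as $part) {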
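Review bot: `ltrim($name, '/')` removes the empty segment only at the start of the name, so whether an empty segment elsewhere (from a doubled `/`) still counts as a directory level depends on the loop body and on any normalisation done by the caller, neither of which is visible in this hunk. If the loop increments `$level` for every part that is not `.` or `..`, an empty part should be skipped there too, for example `if ('' === $part) { continue; }` as the first statement of the `foreach`, which would cover the leading-slash case as well. `$name` is reassigned only inside `validateName`, so the caller keeps the original name with its leading slash; a comment such as `// a leading '/' yields an empty first part that must not count as a level` would record why the trim is here. The function body continues past the end of the hunk.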
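--- a/test/Twig/Tests/Loader/FilesystemTest.php
+++ b/test/Twig/Tests/Loader/FilesystemTest.php
@@ -47,6 +47,7 @@ public function getSecurityTests()
 array('filters\\..\\..\\AutoloaderTest.php'),
 array('filters\\\\..\\\\..\\\\AutoloaderTest.php'),
 array('filters\\//../\\/\\..\\AutoloaderTest.php'),
+array('/../AutoloaderTest.php'),
 );
 }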
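Review bot: The case added to `getSecurityTests()` covers a single leading forward slash only, while the fix strips a whole run of them and the neighbouring cases exercise backslash forms. Adding `array('//../AutoloaderTest.php'),` and a leading-backslash variant such as `array('\\../AutoloaderTest.php'),` would pin both; the second assumes the loader converts backslashes before validation, which is not visible here. A positive test that a name with a leading slash and no `..` still resolves as intended would guard against the trim changing legitimate lookups.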
