Skip to content
This repository
Browse code

When JPATH_ROOT is an empty string –i.e. we run inside a chroot jail–…

… JPath::check() always raises error 20 (snooping out of bounds). By definition of the chroot jail, we can snoop out of bounds in this case. Therefore this check should always succeed. Ergo the proposed change.
  • Loading branch information...
commit 5ea87f35e0257cbd4ed232ad993890b454248bc3 1 parent 81d047d
Nicholas K. Dionysopoulos nikosdion authored

Showing 1 changed file with 1 addition and 1 deletion. Show diff stats Hide diff stats

  1. +1 1  libraries/joomla/filesystem/path.php
2  libraries/joomla/filesystem/path.php
@@ -177,7 +177,7 @@ public static function check($path, $ds = DIRECTORY_SEPARATOR)
177 177 }
178 178
179 179 $path = JPath::clean($path);
180   - if (strpos($path, JPath::clean(JPATH_ROOT)) !== 0)
  180 + if (!empty(JPATH_ROOT) && strpos($path, JPath::clean(JPATH_ROOT)) !== 0)
181 181 {
182 182 // Don't translate
183 183 JError::raiseError(20, 'JPath::check Snooping out of bounds @ ' . $path);

1 comment on commit 5ea87f3

elinw

I don't think empty(CONSTANT) will work.

Please sign in to comment.
Something went wrong with that request. Please try again.