Skip to content
This repository has been archived by the owner on Nov 26, 2017. It is now read-only.

Commit

Permalink
When JPATH_ROOT is an empty string –i.e. we run inside a chroot jail–…
Browse files Browse the repository at this point in the history 
… JPath::check() always raises error 20 (snooping out of bounds). By definition of the chroot jail, we can snoop out of bounds in this case. Therefore this check should always succeed. Ergo the proposed change.
  • Loading branch information
Nicholas K. Dionysopoulos committed Dec 2, 2011
1 parent 81d047d commit 5ea87f3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion libraries/joomla/filesystem/path.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,7 +177,7 @@ public static function check($path, $ds = DIRECTORY_SEPARATOR)
}

$path = JPath::clean($path);
if (strpos($path, JPath::clean(JPATH_ROOT)) !== 0)
if (!empty(JPATH_ROOT) && strpos($path, JPath::clean(JPATH_ROOT)) !== 0)
{
// Don't translate
JError::raiseError(20, 'JPath::check Snooping out of bounds @ ' . $path);
Expand Down

1 comment on commit 5ea87f3

@elinw
Copy link
Contributor

@elinw elinw commented on 5ea87f3 Dec 3, 2011

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think empty(CONSTANT) will work.

Please sign in to comment.