- bugfix regarding Security Vulnerability did not solve the problem u…

…nder Linux
smarty-php · Apr 26, 2018 · c9dbe1d · c9dbe1d
1 parent 2e081a5
commit c9dbe1d
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/libs/sysplugins/smarty_security.php b/libs/sysplugins/smarty_security.php
@@ -639,21 +639,25 @@ private function _checkDir($filepath, $dirs)
     {
         $directory = dirname($this->smarty->_realpath($filepath, true)) . DIRECTORY_SEPARATOR;
         $_directory = array();
-        while (true) {
+        if (!preg_match('#[\\\\/][.][.][\\\\/]#',$directory)) {
+            while (true) {
              // test if the directory is trusted
             if (isset($dirs[ $directory ])) {
                return $_directory;
             }
             // abort if we've reached root
             if (!preg_match('#[\\\\/][^\\\\/]+[\\\\/]$#', $directory)) {
                 // give up
-                throw new SmartyException(sprintf('Smarty Security: not trusted file path \'%s\' ',$filepath));
+                break;
             }
             // remember the directory to add it to _resource_dir in case we're successful
             $_directory[ $directory ] = true;
            // bubble up one level
             $directory = preg_replace('#[\\\\/][^\\\\/]+[\\\\/]$#', DIRECTORY_SEPARATOR, $directory);
+            }
         }
+        // give up
+        throw new SmartyException(sprintf('Smarty Security: not trusted file path \'%s\' ',$filepath));
     }
 
     /**