source.dussan.org Git - nextcloud-server.git/commit

author	Lukas Reschke <lukas@statuscode.ch>
	Sun, 13 Jan 2013 13:33:19 +0000 (14:33 +0100)
committer	Lukas Reschke <lukas@statuscode.ch>
	Sun, 13 Jan 2013 13:33:19 +0000 (14:33 +0100)
commit	e151210a62a1fbe9fb885bd1dbb51315bd820e03
tree	122d4d8550ae273c1177451f59074ccbaedeb78e	tree \| snapshot
parent	981fd5e4249d6bda0f8a06d86055ede896cdc9da	commit \| diff

Simplify the isSubDirectory() function

isSubDirectory() checks if a specified $sub is a subdirectory of the
$parent, this is needed to prevent file inclusions.

Actually, the current code is more kind of a "hack" which I always
struggle over if browsing through source. So this should be a much
better implementation.

The implementation is really straightforward:
- [realpath()](http://php.net/manual/function.realpath.php) expands all
symbolic links and resolves references to '/./', '/../' and extra '/'
characters in the input path and return the canonicalized absolute
pathname.
- [strpos()](php.net/manual/function.strpos.php) returns FALSE if the
substring wasn't found.

Since this is an absolutely critical piece of code, I'd like to ensure
that this is absolutely safe!