diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2014-05-11 15:49:19 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2014-05-11 15:49:19 +0200 |
| commit | a40e49cae5983d8158562e142919cd3108bd2fd8 (patch) | |
| tree | d8e1778a25ec87c0213d260c7555474eb287cfd4 /lib | |
| parent | b6d76e9985105a245daf63f60b47e82df283019d (diff) | |
| download | nextcloud-server-a40e49cae5983d8158562e142919cd3108bd2fd8.tar.gz nextcloud-server-a40e49cae5983d8158562e142919cd3108bd2fd8.zip | |
Harden issubdirectory()
realpath() may return false in case the directory does not exist since we can not be sure how different PHP versions may behave here we do an additional check whether realpath returned false
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/helper.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/private/helper.php b/lib/private/helper.php index 64da1f6fb12..1883ae2a8f2 100644 --- a/lib/private/helper.php +++ b/lib/private/helper.php @@ -733,9 +733,21 @@ class OC_Helper { * @return bool */ public static function issubdirectory($sub, $parent) { - if (strpos(realpath($sub), realpath($parent)) === 0) { + $realpathSub = realpath($sub); + $realpathParent = realpath($parent); + + // realpath() may return false in case the directory does not exist + // since we can not be sure how different PHP versions may behave here + // we do an additional check whether realpath returned false + if($realpathSub === false || $realpathParent === false) { + return false; + } + + // Check whether $sub is a subdirectory of $parent + if (strpos($realpathSub, $realpathParent) === 0) { return true; } + return false; } |