diff options
Diffstat (limited to 'lib/private/helper.php')
| -rw-r--r-- | lib/private/helper.php | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/private/helper.php b/lib/private/helper.php index 64da1f6fb12..6bc054bce86 100644 --- a/lib/private/helper.php +++ b/lib/private/helper.php @@ -732,10 +732,22 @@ class OC_Helper { * @param string $parent * @return bool */ - public static function issubdirectory($sub, $parent) { - if (strpos(realpath($sub), realpath($parent)) === 0) { + public static function isSubDirectory($sub, $parent) { + $realpathSub = realpath($sub); + $realpathParent = realpath($parent); + + // realpath() may return false in case the directory does not exist + // since we can not be sure how different PHP versions may behave here + // we do an additional check whether realpath returned false + if($realpathSub === false || $realpathParent === false) { + return false; + } + + // Check whether $sub is a subdirectory of $parent + if (strpos($realpathSub, $realpathParent) === 0) { return true; } + return false; } |