Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/helper.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/private/helper.php b/lib/private/helper.php
index 64da1f6fb12..1883ae2a8f2 100644
--- a/lib/private/helper.php
+++ b/lib/private/helper.php
@@ -733,9 +733,21 @@ class OC_Helper {
 * @return bool
 */
 public static function issubdirectory($sub, $parent) {
- if (strpos(realpath($sub), realpath($parent)) === 0) {
+ $realpathSub = realpath($sub);
+ $realpathParent = realpath($parent);
+
+ // realpath() may return false in case the directory does not exist
+ // since we can not be sure how different PHP versions may behave here
+ // we do an additional check whether realpath returned false
+ if($realpathSub === false || $realpathParent === false) {
+ return false;
+ }
+
+ // Check whether $sub is a subdirectory of $parent
+ if (strpos($realpathSub, $realpathParent) === 0) {
 return true;
 }
+
 return false;
 } |
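Review bot: The containment test in the last added `if` is still a raw string-prefix match, so a sibling directory whose name merely begins with the parent's name is reported as a subdirectory (constructed example: parent `/data/user`, sub `/data/user2/files`). If callers rely on issubdirectory() to confine file access, that lets a path outside the parent pass the check. Comparing on a path-component boundary closes the gap while still accepting equal paths: `if (strpos($realpathSub . DIRECTORY_SEPARATOR, rtrim($realpathParent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {`. The docblock for this method starts outside the hunk, so its stated contract could not be checked from here.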