entrouvert
/
simplesamlphp
Archived
17
0
Fork 0
Code Issues Pull Requests Releases Activity

module.php: Be more paranoid when verifying paths. 

Cannot see a way that this can be used to escape the module www
directory, but being more specific in the test won't hurt.

git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@2961 44740490-163a-0410-bde0-09ae8108e29a
This commit is contained in:
olavmrk 2011-10-28 08:17:01 +00:00
parent f7d85a874b
commit ee383de867
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
www/module.php
View File

@ -75,9 +75,9 @@ try {
* URL will detect both '../' and './'. Searching for '\' will detect attempts to
* use Windows-style paths.
*/
if (strpos($url, '\\')) {
if (strpos($url, '\\') !== FALSE) {
throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.');
} elseif (strpos($url, './')) {
} elseif (strpos($url, './') !== FALSE) {
throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.');
}