module.php: Be more paranoid when verifying paths.
Cannot see a way that this can be used to escape the module www directory, but being more specific in the test won't hurt. git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@2961 44740490-163a-0410-bde0-09ae8108e29a
This commit is contained in:
parent
f7d85a874b
commit
ee383de867
|
@ -75,9 +75,9 @@ try {
|
|||
* URL will detect both '../' and './'. Searching for '\' will detect attempts to
|
||||
* use Windows-style paths.
|
||||
*/
|
||||
if (strpos($url, '\\')) {
|
||||
if (strpos($url, '\\') !== FALSE) {
|
||||
throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.');
|
||||
} elseif (strpos($url, './')) {
|
||||
} elseif (strpos($url, './') !== FALSE) {
|
||||
throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.');
|
||||
}
|
||||
|
||||
|
|
Reference in New Issue