From: Andi Gutmans
Date: Sun, 20 Aug 2000 19:49:10 +0000 (+0000)
Subject: - Checking for ".." isn't enough. include_once() could mess up even if both
X-Git-Tag: php-4.0.2RC1~20
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=892e949196e17184f31b067c3db2feb83fa08ca1;p=php
- Checking for ".." isn't enough. include_once() could mess up even if both
- names didn't include ".." but were referenced different directories which
- were symlinked to each other.
---
diff --git a/main/php_virtual_cwd.c b/main/php_virtual_cwd.c
index 84f90c1538..c233901b6e 100644
--- a/main/php_virtual_cwd.c
+++ b/main/php_virtual_cwd.c
@@ -271,33 +271,30 @@ CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func
 return (0);
 
 #ifndef ZEND_WIN32
- if (strstr(path, "..")) {
- /* If .. is found then we need to resolve real path as the .. code doesn't work with symlinks */
- if (IS_ABSOLUTE_PATH(path, path_length)) {
- if (realpath(path, resolved_path)) {
- path = resolved_path;
- path_length = strlen(path);
- }
- } else { /* Concat current directory with relative path and then run realpath() on it */
- char *tmp;
- char *ptr;
+ if (IS_ABSOLUTE_PATH(path, path_length)) {
+ if (realpath(path, resolved_path)) {
+ path = resolved_path;
+ path_length = strlen(path);
+ }
+ } else { /* Concat current directory with relative path and then run realpath() on it */
+ char *tmp;
+ char *ptr;
 
- ptr = tmp = (char *) malloc(state->cwd_length+path_length+sizeof("/"));
- if (!tmp) {
- return 1;
- }
- memcpy(ptr, state->cwd, state->cwd_length);
- ptr += state->cwd_length;
- *ptr++ = DEFAULT_SLASH;
- memcpy(ptr, path, path_length);
- ptr += path_length;
- *ptr = '\0';
- if (realpath(tmp, resolved_path)) {
- path = resolved_path;
- path_length = strlen(path);
- }
- free(tmp);
+ ptr = tmp = (char *) malloc(state->cwd_length+path_length+sizeof("/"));
+ if (!tmp) {
+ return 1;
+ }
+ memcpy(ptr, state->cwd, state->cwd_length);
+ ptr += state->cwd_length;
+ *ptr++ = DEFAULT_SLASH;
+ memcpy(ptr, path, path_length);
+ ptr += path_length;
+ *ptr = '\0';
+ if (realpath(tmp, resolved_path)) {
+ path = resolved_path;
+ path_length = strlen(path);
 }
+ free(tmp);
 }
 #endif
 free_path = path_copy = estrndup(path, path_length);
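Review bot: Both `realpath()` calls in the new code ignore failure: when `realpath()` returns NULL (for example because the target does not exist yet or a path component is unreadable), `path` stays unresolved and the function carries on, so the symlink canonicalization this commit relies on for include_once() is silently skipped for those paths. If that fallback is intended, say so at each call, e.g. `/* realpath() failed: keep the caller's path; symlinks and ".." are NOT resolved here */`. `resolved_path` is declared outside the hunk, so its size cannot be checked from here; `realpath()` with a caller-supplied buffer needs at least PATH_MAX bytes, and now that it runs for every path rather than only those containing "..", that declaration is worth confirming. virtual_file_ex's body starts and ends outside the hunk.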