From 892e949196e17184f31b067c3db2feb83fa08ca1 Mon Sep 17 00:00:00 2001
From: Andi Gutmans <andi@php.net>
Date: Sun, 20 Aug 2000 19:49:10 +0000
Subject: [PATCH] - Checking for ".." isn't enough. include_once() could mess
 up even if both - names didn't include ".." but were referenced different
 directories which - were symlinked to each other.

---
 main/php_virtual_cwd.c | 47 ++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 25 deletions(-)

diff --git a/main/php_virtual_cwd.c b/main/php_virtual_cwd.c
index 84f90c1538..c233901b6e 100644
--- a/main/php_virtual_cwd.c
+++ b/main/php_virtual_cwd.c
@@ -271,33 +271,30 @@ CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func
 		return (0);
 
 #ifndef ZEND_WIN32
-	if (strstr(path, "..")) {
-		/* If .. is found then we need to resolve real path as the .. code doesn't work with symlinks */
-		if (IS_ABSOLUTE_PATH(path, path_length)) {
-			if (realpath(path, resolved_path)) {
-				path = resolved_path;
-				path_length = strlen(path);
-			}
-		} else { /* Concat current directory with relative path and then run realpath() on it */
-			char *tmp;
-			char *ptr;
+	if (IS_ABSOLUTE_PATH(path, path_length)) {
+		if (realpath(path, resolved_path)) {
+			path = resolved_path;
+			path_length = strlen(path);
+		}
+	} else { /* Concat current directory with relative path and then run realpath() on it */
+		char *tmp;
+		char *ptr;
 
-			ptr = tmp = (char *) malloc(state->cwd_length+path_length+sizeof("/"));
-			if (!tmp) {
-				return 1;
-			}
-			memcpy(ptr, state->cwd, state->cwd_length);
-			ptr += state->cwd_length;
-			*ptr++ = DEFAULT_SLASH;
-			memcpy(ptr, path, path_length);
-			ptr += path_length;
-			*ptr = '\0';
-			if (realpath(tmp, resolved_path)) {
-				path = resolved_path;
-				path_length = strlen(path);
-			}
-			free(tmp);
+		ptr = tmp = (char *) malloc(state->cwd_length+path_length+sizeof("/"));
+		if (!tmp) {
+			return 1;
+		}
+		memcpy(ptr, state->cwd, state->cwd_length);
+		ptr += state->cwd_length;
+		*ptr++ = DEFAULT_SLASH;
+		memcpy(ptr, path, path_length);
+		ptr += path_length;
+		*ptr = '\0';
+		if (realpath(tmp, resolved_path)) {
+			path = resolved_path;
+			path_length = strlen(path);
 		}
+		free(tmp);
 	}
 #endif
 	free_path = path_copy = estrndup(path, path_length);
-- 
2.40.0