Avoid .. and . on directory traversal.
authorEdward Z. Yang <ezyang@mit.edu>
Wed, 15 Sep 2010 07:37:16 +0000 (15 03:37 -0400)
committerEdward Z. Yang <ezyang@mit.edu>
Wed, 15 Sep 2010 07:37:16 +0000 (15 03:37 -0400)
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
XHTMLCompiler/Directory.php

index 61f0963..c4913a4 100644 (file)
@@ -66,6 +66,7 @@ class XHTMLCompiler_Directory
             $tier =& $dirs[$i][1]; // current directory tree to write to
             for($d->rewind(); $d->valid(); $d->next()) {
                 if ($d->isDir()) {
+                    if ($d->getFileName() == ".." || $d->getFileName() == ".") continue;
                     // initialize new directory tree
                     $tier[$d->getFilename()] = array();
                     // file away another directory to process