From: Edward Z. Yang <ezyang@mit.edu>
Date: Wed, 15 Sep 2010 07:37:16 +0000 (-0400)
Subject: Avoid .. and . on directory traversal.
X-Git-Url: https://repo.or.cz/w/xhtml-compiler.git/commitdiff_plain/07e3bf48cb4d0b7432ba59097c2ceb7d6289c3e8

Avoid .. and . on directory traversal.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
---

diff --git a/XHTMLCompiler/Directory.php b/XHTMLCompiler/Directory.php
index 61f0963..c4913a4 100644
--- a/XHTMLCompiler/Directory.php
+++ b/XHTMLCompiler/Directory.php
@@ -66,6 +66,7 @@ class XHTMLCompiler_Directory
             $tier =& $dirs[$i][1]; // current directory tree to write to
             for($d->rewind(); $d->valid(); $d->next()) {
                 if ($d->isDir()) {
+                    if ($d->getFileName() == ".." || $d->getFileName() == ".") continue;
                     // initialize new directory tree
                     $tier[$d->getFilename()] = array();
                     // file away another directory to process