1 files changed, 5 insertions, 0 deletions
diff --git a/inc/functions.inc.php b/inc/functions.inc.php
index 6642e51..fed4b10 100644
--- a/inc/functions.inc.php
+++ b/inc/functions.inc.php
@@ -31,6 +31,11 @@ function validate_get($value, $type) {
 }
 function validateRRDPath($base, $path) {
+        $base = preg_replace('/\/$/', '', $base);
+        # resolve possible symlink
+        $base = realpath($base);
        $realpath = realpath(sprintf('%s/%s', $base, $path));
        if (strpos($realpath, $base) === false)

diff --git a/inc/functions.inc.php b/inc/functions.inc.php index 6642e51..fed4b10 100644 --- a/inc/functions.inc.php +++ b/inc/functions.inc.php
@@ -31,6 +31,11 @@ function validate_get($value, $type) {
31	}	31	}
32		32
33	function validateRRDPath($base, $path) {	33	function validateRRDPath($base, $path) {
		34	$base = preg_replace('/\/$/', '', $base);
		35
		36	# resolve possible symlink
		37	$base = realpath($base);
		38
34	$realpath = realpath(sprintf('%s/%s', $base, $path));	39	$realpath = realpath(sprintf('%s/%s', $base, $path));
35		40
36	if (strpos($realpath, $base) === false)	41	if (strpos($realpath, $base) === false)