hugo
/
composer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix possible vendor-dir "evasion" via target-dir

Browse Source
main
Jordi Boggiano 12 years ago
parent ebc9c73008
commit f377e9ca87
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File

6
src/Composer/Package/Package.php
Unescape Escape View File

@ -114,7 +114,11 @@ class Package extends BasePackage
*/
public function getTargetDir()
{
return $this->targetDir;
if (null === $this->targetDir) {
return;
}
return ltrim(preg_replace('{ (?:^|[\\\\/]) \.\.? (?:[\\\\/]|$) (?:\.\.? (?:[\\\\/]|$) )*}x', '/', $this->targetDir), '/');
}
/**

15
tests/Composer/Test/Package/CompletePackageTest.php
Unescape Escape View File

@ -71,4 +71,19 @@ class CompletePackageTest extends TestCase
$this->assertEquals(strtolower($name).'-'.$normVersion, (string) $package);
}
public function testGetTargetDir()
{
$package = new Package('a', '1.0.0.0', '1.0');
$this->assertNull($package->getTargetDir());
$package->setTargetDir('./../foo/');
$this->assertEquals('foo/', $package->getTargetDir());
$package->setTargetDir('foo/../../../bar/');
$this->assertEquals('foo/bar/', $package->getTargetDir());
$package->setTargetDir('../..');
$this->assertEquals('', $package->getTargetDir());
}
}

Write Preview
Loading…
Cancel
Save