From 3fcb383f4916b7e441a55ae7dde3ed249cef1bcb Mon Sep 17 00:00:00 2001 From: Dmitry Demidovsky Date: Sat, 5 Dec 2015 22:58:00 +0300 Subject: [PATCH] Changed allowDirs comparsion logic #497 --- lib/Minify/Source/Factory.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/Minify/Source/Factory.php b/lib/Minify/Source/Factory.php index cc3648a..2cec8d6 100644 --- a/lib/Minify/Source/Factory.php +++ b/lib/Minify/Source/Factory.php @@ -153,12 +153,17 @@ class Minify_Source_Factory { } if ($this->options['checkAllowDirs']) { + $inAllowedDir = false; foreach ((array)$this->options['allowDirs'] as $allowDir) { - if (strpos($this->getNormalizedPath($spec['filepath']), $this->getNormalizedPath($allowDir)) !== 0) { - throw new Minify_Source_FactoryException("File '{$spec['filepath']}' is outside \$allowDirs." - . " If the path is resolved via an alias/symlink, look into the \$min_symlinks option."); + if (strpos($this->getNormalizedPath($spec['filepath']), $this->getNormalizedPath($allowDir)) === 0) { + $inAllowedDir = true; } } + + if (!$inAllowedDir) { + throw new Minify_Source_FactoryException("File '{$spec['filepath']}' is outside \$allowDirs." + . " If the path is resolved via an alias/symlink, look into the \$min_symlinks option."); + } } $basename = basename($spec['filepath']);