From da70e92cc147b114590b155bc71185cc205d1702 Mon Sep 17 00:00:00 2001
From: Dmitry Demidovsky <d.demidovsky@gmail.com>
Date: Fri, 4 Dec 2015 14:02:02 +0300
Subject: [PATCH] normalize paths before checking allowed dirs

---
 lib/Minify/Source/Factory.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/lib/Minify/Source/Factory.php b/lib/Minify/Source/Factory.php
index 8b41e55..4f28d0e 100644
--- a/lib/Minify/Source/Factory.php
+++ b/lib/Minify/Source/Factory.php
@@ -110,6 +110,25 @@ class Minify_Source_Factory {
         return $realpath;
     }
 
+
+    /**
+     * @param string  $path
+     * @return string
+     */
+    public function getNormalizedPath($path)
+    {
+        // turn windows-style slashes into unix-style
+        $norm = str_replace("\\", "/", $path);
+
+        // lowercase drive letter
+        if (preg_match('/^\w:/', $norm)) {
+            $norm = lcfirst($norm);
+        }
+
+        return $norm;
+    }
+
+
     /**
      * @param mixed $spec
      *
@@ -140,7 +159,7 @@ class Minify_Source_Factory {
 
         if ($this->options['checkAllowDirs']) {
             foreach ((array)$this->options['allowDirs'] as $allowDir) {
-                if (strpos($spec['filepath'], $allowDir) !== 0) {
+                if (strpos($this->getNormalizedPath($spec['filepath']), $this->getNormalizedPath($allowDir)) !== 0) {
                     throw new Minify_Source_FactoryException("File '{$spec['filepath']}' is outside \$allowDirs."
                         . " If the path is resolved via an alias/symlink, look into the \$min_symlinks option.");
                 }