diff options
Diffstat (limited to 'p')
| -rw-r--r-- | p/ext.php | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -19,13 +19,14 @@ require(__DIR__ . '/../constants.php'); */ function is_valid_path($path) { // It must be under the extension path. - $in_ext_path = (substr($path, 0, strlen(EXTENSIONS_PATH)) === EXTENSIONS_PATH); + $real_ext_path = realpath(EXTENSIONS_PATH); + $in_ext_path = (substr($path, 0, strlen($real_ext_path)) === $real_ext_path); if (!$in_ext_path) { return false; } // File to serve must be under a `ext_dir/static/` directory. - $path_relative_to_ext = substr($path, strlen(EXTENSIONS_PATH) + 1); + $path_relative_to_ext = substr($path, strlen($real_ext_path) + 1); $path_splitted = explode('/', $path_relative_to_ext); if (count($path_splitted) < 3 || $path_splitted[1] !== 'static') { return false; |