From fa3532dc8eec13edaff0a9c9fe145236a0eccde3 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <mail@girish.in>
Date: Fri, 1 Jun 2018 14:19:24 -0700
Subject: Use realpath of EXTENSIONS_PATH (#1911)

This handles the case where the extensions directory might be a symlink
---
 p/ext.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'p')

diff --git a/p/ext.php b/p/ext.php
index bb16d02d3..427bdc253 100644
--- a/p/ext.php
+++ b/p/ext.php
@@ -19,13 +19,14 @@ require(__DIR__ . '/../constants.php');
  */
 function is_valid_path($path) {
 	// It must be under the extension path.
-	$in_ext_path = (substr($path, 0, strlen(EXTENSIONS_PATH)) === EXTENSIONS_PATH);
+	$real_ext_path = realpath(EXTENSIONS_PATH);
+	$in_ext_path = (substr($path, 0, strlen($real_ext_path)) === $real_ext_path);
 	if (!$in_ext_path) {
 		return false;
 	}
 
 	// File to serve must be under a `ext_dir/static/` directory.
-	$path_relative_to_ext = substr($path, strlen(EXTENSIONS_PATH) + 1);
+	$path_relative_to_ext = substr($path, strlen($real_ext_path) + 1);
 	$path_splitted = explode('/', $path_relative_to_ext);
 	if (count($path_splitted) < 3 || $path_splitted[1] !== 'static') {
 		return false;
-- 
cgit v1.2.3