module.php: Be more paranoid when verifying paths.

Cannot see a way that this can be used to escape the module www directory, but being more specific in the test won't hurt. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2961 44740490-163a-0410-bde0-09ae8108e29a

module.php: Be more paranoid when verifying paths.
Cannot see a way that this can be used to escape the module www directory, but being more specific in the test won't hurt. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2961 44740490-163a-0410-bde0-09ae8108e29a
cf2658cd · Olav Morken · 0b854969 · cf2658cd
Commit cf2658cd authored 13 years ago by Olav Morken
--- a/www/module.php
+++ b/www/module.php
@@ -75,9 +75,9 @@ try {
 	 * URL will detect both '../' and './'. Searching for '\' will detect attempts to
 	 * use Windows-style paths.
 	 */
-	if (strpos($url, '\\')) {
+	if (strpos($url, '\\') !== FALSE) {
 		throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.');
-	} elseif (strpos($url, './')) {
+	} elseif (strpos($url, './') !== FALSE) {
 		throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.');
 	}