From cf2658cd47deb154d3250d23e485f7b9ee93488d Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 28 Oct 2011 08:17:01 +0000
Subject: [PATCH] module.php: Be more paranoid when verifying paths.

Cannot see a way that this can be used to escape the module www
directory, but being more specific in the test won't hurt.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2961 44740490-163a-0410-bde0-09ae8108e29a
---
 www/module.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/www/module.php b/www/module.php
index 19ccc586e..14bfd4c22 100644
--- a/www/module.php
+++ b/www/module.php
@@ -75,9 +75,9 @@ try {
 	 * URL will detect both '../' and './'. Searching for '\' will detect attempts to
 	 * use Windows-style paths.
 	 */
-	if (strpos($url, '\\')) {
+	if (strpos($url, '\\') !== FALSE) {
 		throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.');
-	} elseif (strpos($url, './')) {
+	} elseif (strpos($url, './') !== FALSE) {
 		throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.');
 	}
 
-- 
GitLab