
Fix possible vendor-dir "evasion" via target-dir

pull/1128/head
Jordi Boggiano 2012-09-18 18:30:11 +02:00
parent ebc9c73008
commit f377e9ca87
2 changed files with 20 additions and 1 deletions


@ -114,7 +114,11 @@ class Package extends BasePackage
*/
public function getTargetDir()
{
return $this->targetDir;
if (null === $this->targetDir) {
return;
}
return ltrim(preg_replace('{ (?:^|[\\\\/]) \.\.? (?:[\\\\/]|$) (?:\.\.? (?:[\\\\/]|$) )*}x', '/', $this->targetDir), '/');
}
/**
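Review bot: The traversal filter runs only on read in `getTargetDir()`, so `$this->targetDir` keeps the raw manifest value, and any code that reaches the property without this accessor (a subclass or a dumper, none visible in this hunk) would still see the `..` segments. It also rewrites instead of rejecting: `foo/../../../bar/` silently becomes `foo/bar/`, which hides a malformed or hostile package definition from the person installing it. Validating once in `setTargetDir()` or in the loader, and throwing on any `.` or `..` segment, would fail loudly and keep the getter trivial. `preg_replace()` returns `null` on a PCRE error and `ltrim()` turns that into `''`, so the result deserves an explicit `null` check. The pattern also needs a comment such as `// strip "." and ".." segments (either slash style) so target-dir cannot climb out of the vendor dir`; the method's docblock opens above the hunk.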


@ -71,4 +71,19 @@ class CompletePackageTest extends TestCase
$this->assertEquals(strtolower($name).'-'.$normVersion, (string) $package);
}
public function testGetTargetDir()
{
$package = new Package('a', '1.0.0.0', '1.0');
$this->assertNull($package->getTargetDir());
$package->setTargetDir('./../foo/');
$this->assertEquals('foo/', $package->getTargetDir());
$package->setTargetDir('foo/../../../bar/');
$this->assertEquals('foo/bar/', $package->getTargetDir());
$package->setTargetDir('../..');
$this->assertEquals('', $package->getTargetDir());
}
}
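Review bot: The assertions in `testGetTargetDir()` cover only forward-slash input, while the filter under test also treats `\` as a separator and strips a leading `/`, so neither behaviour is pinned. Cases such as `$package->setTargetDir('/foo/bar');` expecting `'foo/bar'`, and a legitimate dotted name such as `'..foo/'` expecting it back unchanged, would guard against a later regex edit loosening or over-tightening the filter. The final check would be stricter as `$this->assertSame('', $package->getTargetDir());`, because `assertEquals` compares loosely and would also accept `null`. The enclosing test class starts above the hunk.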