From d4b0843fe48991272f1c1c64898e8a44dc949ad0 Mon Sep 17 00:00:00 2001
From: Michael Hamann <michael@content-space.de>
Date: Sun, 8 Jul 2012 22:15:53 +0200
Subject: [PATCH] Prevent information disclosure in farms by disallowing
 subdirectories

---
 inc/farm.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/farm.php b/inc/farm.php
index a998eaab6..af1035707 100644
--- a/inc/farm.php
+++ b/inc/farm.php
@@ -46,8 +46,8 @@ function farm_confpath($farm) {
     if(isset($_REQUEST['animal']) || ('cli' == php_sapi_name() && isset($_SERVER['animal']))) {
         $mode = isset($_REQUEST['animal']) ? 'htaccess' : 'cli';
         $animal = $mode == 'htaccess' ? $_REQUEST['animal'] : $_SERVER['animal'];
-        // check that $animal is a string and specifies a subdirectory of $farm
-        if (!is_string($animal) || strpos(fullpath($farm.'/'.$animal), fullpath($farm).'/') !== 0)
+        // check that $animal is a string and just a directory name and not a path
+        if (!is_string($animal) || strpbrk($animal, '\\/') !== false)
             nice_die('Sorry! Invalid animal name!');
         if(!is_dir($farm.'/'.$animal))
             nice_die("Sorry! This Wiki doesn't exist!");
-- 
GitLab