From 3f648fcf1e36101dc80ad0b68dabcc8440f50eb1 Mon Sep 17 00:00:00 2001
From: Nahuel Angelinetti <nahuel@altnetvision.info>
Date: Mon, 27 Nov 2006 18:21:17 +0000
Subject: [PATCH] =?UTF-8?q?Corrige=20une=20faille=20critique=20permettant?=
 =?UTF-8?q?=20de=20creer=20un=20sous=20domaine=20pointant=20sur=20/=20du?=
 =?UTF-8?q?=20syst=C3=83=C5=A1me?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bureau/class/functions.php | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/bureau/class/functions.php b/bureau/class/functions.php
index 7119805d..517fc66a 100644
--- a/bureau/class/functions.php
+++ b/bureau/class/functions.php
@@ -195,11 +195,16 @@ function checkuserpath($path) {
   $usar=substr($user,0,1);
   if (substr($path,0,1)=="/")
     $path="/".$path;
-  if (is_dir("/var/alternc/html/$usar/$user$path")) {
-    return 1;
-  }
-  if (is_file("/var/alternc/html/$usar/$user$path")) {
-    return 2;
+
+  $rpath = realpath("/var/alternc/html/$usar/$user$path");
+  $userpath = realpath("/var/alternc/html/$usar/$user");
+  if(strpos($rpath,$userpath) === 0){
+    if (is_dir("/var/alternc/html/$usar/$user$path")) {
+        return 1;
+    }
+    if (is_file("/var/alternc/html/$usar/$user$path")) {
+      return 2;
+    }
   }
   return 0;
 }