diff --git a/include/smarty/internals/core.is_secure.php b/include/smarty/internals/core.is_secure.php
index 342f3aff876a9324b5df3bbbfeeb39965d520756..d54abd432275a75bba7c53274ca5c9866039c871 100644 (file)
foreach ((array)$params['resource_base_path'] as $curr_dir) {
if ( ($_cd = realpath($curr_dir)) !== false &&
strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
- $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
+ substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
return true;
}
}
}
if (!empty($smarty->secure_dir)) {
foreach ((array)$smarty->secure_dir as $curr_dir) {
- if ( ($_cd = realpath($curr_dir)) !== false &&
- strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
- $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
- return true;
- }
+ if ( ($_cd = realpath($curr_dir)) !== false) {
+ if($_cd == $_rp) {
+ return true;
+ } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
+ substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
+ return true;
+ }
+ }
}
}
} else {