From: Alexis Laferrière <alexis.laf@xymus.net>
Date: Tue, 8 Dec 2015 13:28:48 +0000 (-0500)
Subject: contrib/nitiwiki: use absolute paths to detect access outside the source dir
X-Git-Tag: v0.8~50^2~1
X-Git-Url: http://nitlanguage.org

contrib/nitiwiki: use absolute paths to detect access outside the source dir

Signed-off-by: Alexis Laferrière <alexis.laf@xymus.net>
---

diff --git a/contrib/nitiwiki/src/wiki_edit.nit b/contrib/nitiwiki/src/wiki_edit.nit
index 22faa25..7dd6012 100644
--- a/contrib/nitiwiki/src/wiki_edit.nit
+++ b/contrib/nitiwiki/src/wiki_edit.nit
@@ -94,7 +94,10 @@ class EditAction
 		var file_path = turi.strip_leading_slash
 		file_path = wiki_root / file_path
 
-		if not file_path.simplify_path.has_prefix(source_dir) then
+		var abs_file_path = file_path.to_absolute_path
+		var abs_source_dir = source_dir.to_absolute_path
+
+		if not abs_file_path.has_prefix(abs_source_dir) then
 			# Attempting to access a file outside the source directory
 			var entity = new WikiEditForm(wiki, turi.strip_leading_slash,
 				"Access denied: ", "", "<p>Target outside of the source directory</p>")
@@ -166,6 +169,11 @@ redef class String
 		if has_prefix("/") then return substring_from(1)
 		return self
 	end
+
+	private fun to_absolute_path: String
+	do
+		return (getcwd / self).simplify_path
+	end
 end
 
 var config_file_path = "config.ini"