On page 320, at the top of the page there is a
gray box section containing code,
The variable $target is not defined (line 10);
I think this should be $template.
I think the idea is that you want
TEMPLATE_DIR to be completely contained within $template;
and start at the 0th position of $template.
The strpos test is a good test for this, but I would
change the conditional test into two test. One test to see if
TEMPLATE_DIR is contained within $template
PHP Code:
strpos($template, TEMPLATE_DIR ) !== false
and another test to test that TEMPLATE_DIR starts
at template's string position 0.
PHP Code:
strpos($template, TEMPLATE_DIR ) == 0
The whole conditional would now look like this.
PHP Code:
if (isset($template) &&
strpos($template, TEMPLATE_DIR ) !== false &&
strpos($template, TEMPLATE_DIR ) == 0 &&
file_exists($template))
{
I think I understand what they were trying to do
with
PHP Code:
strpos($template, TEMPLATE_DIR ) !== 0
but when I tried it, it did not work for me. It did not return
0, it returned false. The online documentation for Php,
strpos, has a warning saying basically that it can return
false, 0, or ""; so this can be tricky. I choose
what was working for me on my system. Your system may be
different. I think the best thing to do is experiment and
see how it works for you.
Chap 12 - Security, Path Traversal
