From c685f6ca1372609b36844baeaf990b37a76d0cd2 Mon Sep 17 00:00:00 2001
From: mark_story
Date: Tue, 2 Jul 2013 17:28:28 -0400
Subject: [PATCH] Make check for `..` more specific. A `..` anywhere in the classname is invalid.
---
 lib/Cake/Core/App.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Cake/Core/App.php b/lib/Cake/Core/App.php
index 4913c7cc3..fad7b83a1 100644
--- a/lib/Cake/Core/App.php
+++ b/lib/Cake/Core/App.php
@@ -535,7 +535,7 @@ class App {
 if (!isset(self::$_classMap[$className])) {
 return false;
 }
- if (strpos($className, '..')) {
+ if (strpos($className, '..') !== false) {
 return false;
 }
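Review bot: The corrected guard `if (strpos($className, '..') !== false) {` has no comment explaining why `..` is rejected or why the strict comparison matters, and the subtle part is easy to regress. `strpos()` returns `0` when the name starts with `..`, which the old truthiness test treated as "not found". I would add `// strpos() returns 0 for a leading '..'; compare with false so every position is rejected` above the condition. The diffstat lists only App.php, so a test asserting that the method returns false for a class name beginning with `..` would pin the fix. The enclosing method starts and ends outside the hunk, so how the name is used after this guard is not visible here.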