Backport changes from #5635 to 2.x

In case the path passed to the File class doesn't exists, this will cause File::$path to be set to a partial path, that is the filename of the passed path with a slash prepended, ex with $file = new File('/non/existent/file'); calling $file->pwd() will return/set /file, possibly causing that file in the root to be accessed.
2025-01-19 02:56:15 +00:00 · 2015-01-11 15:20:34 -05:00 · 2015-01-11 15:20:34 -05:00 · cd58fa0b61
commit cd58fa0b61
parent 0a4141c78c
2 changed files with 17 additions and 1 deletions
--- a/lib/Cake/Test/Case/Utility/FileTest.php
+++ b/lib/Cake/Test/Case/Utility/FileTest.php
@ -597,4 +597,17 @@ class FileTest extends CakeTestCase {

 		$TmpFile->delete();
 	}
+
+/**
+ * Tests that no path is being set for passed file paths that
+ * do not exist.
+ *
+ * @return void
+ */
+	public function testNoPartialPathBeingSetForNonExistentPath()
+	{
+		$tmpFile = new File('/non/existent/file');
+		$this->assertNull($tmpFile->pwd());
+		$this->assertNull($tmpFile->path);
+	}
 }
--- a/lib/Cake/Utility/File.php
+++ b/lib/Cake/Utility/File.php
@ -393,7 +393,10 @@ class File {
 */
 	public function pwd() {
 		if ($this->path === null) {
-			$this->path = $this->Folder->slashTerm($this->Folder->pwd()) . $this->name;
+			$dir = $this->Folder->pwd();
+			if (is_dir($dir)) {
+				$this->path = $this->Folder->slashTerm($dir) . $this->name;
+			}
 		}
 		return $this->path;
 	}