From cd58fa0b618da437ba712b102fad66fad22915a3 Mon Sep 17 00:00:00 2001
From: mark_story <mark@mark-story.com>
Date: Sun, 11 Jan 2015 15:20:34 -0500
Subject: [PATCH] Backport changes from #5635 to 2.x

In case the path passed to the File class doesn't exists, this will
cause File::$path to be set to a partial path, that is the filename
of the passed path with a slash prepended, ex with

    $file = new File('/non/existent/file');

calling $file->pwd() will return/set /file, possibly causing that
file in the root to be accessed.
---
 lib/Cake/Test/Case/Utility/FileTest.php | 13 +++++++++++++
 lib/Cake/Utility/File.php               |  5 ++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/lib/Cake/Test/Case/Utility/FileTest.php b/lib/Cake/Test/Case/Utility/FileTest.php
index 501ff7047..b3e1182ee 100644
--- a/lib/Cake/Test/Case/Utility/FileTest.php
+++ b/lib/Cake/Test/Case/Utility/FileTest.php
@@ -597,4 +597,17 @@ class FileTest extends CakeTestCase {
 
 		$TmpFile->delete();
 	}
+
+/**
+ * Tests that no path is being set for passed file paths that
+ * do not exist.
+ *
+ * @return void
+ */
+	public function testNoPartialPathBeingSetForNonExistentPath()
+	{
+		$tmpFile = new File('/non/existent/file');
+		$this->assertNull($tmpFile->pwd());
+		$this->assertNull($tmpFile->path);
+	}
 }
diff --git a/lib/Cake/Utility/File.php b/lib/Cake/Utility/File.php
index ea2f7d705..e1d62c912 100644
--- a/lib/Cake/Utility/File.php
+++ b/lib/Cake/Utility/File.php
@@ -393,7 +393,10 @@ class File {
  */
 	public function pwd() {
 		if ($this->path === null) {
-			$this->path = $this->Folder->slashTerm($this->Folder->pwd()) . $this->name;
+			$dir = $this->Folder->pwd();
+			if (is_dir($dir)) {
+				$this->path = $this->Folder->slashTerm($dir) . $this->name;
+			}
 		}
 		return $this->path;
 	}