Adding checks for directory traversal attempts related to recent changes allowing plugins and themes to include their own webroot/* assets

cake/dispatcher.php

@@ -600,7 +600,7 @@ class Dispatcher extends Object {
  * @access public
  */
 	function cached($url) {
-		if (strpos($url, '.')) {
+		if (strpos($url, '..') === false && strpos($url, '.')) {
 			if (strpos($url, 'ccss/') === 0) {
 				include WWW_ROOT . DS . Configure::read('Asset.filter.css');
 				$this->_stop();

cake/libs/configure.php

@@ -235,7 +235,9 @@ class Configure extends Object {
 		if ($plugin) {
 			$pluginPath = App::pluginPath($plugin);
 		}
+		$pos = strpos($fileName, '..');
 		
+		if ($pos === false) {
 			if ($pluginPath && file_exists($pluginPath . 'config' . DS . $fileName . '.php')) {
 				include($pluginPath . 'config' . DS . $fileName . '.php');
 				$found = true;
@@ -254,6 +256,7 @@ class Configure extends Object {
 					}
 				}
 			}
+		}
 
 		if (!$found) {
 			return false;

cake/tests/cases/dispatcher.test.php

@@ -1786,6 +1786,10 @@ class DispatcherTest extends CakeTestCase {
 		$Dispatcher =& new TestDispatcher();
 		$debug = Configure::read('debug');
 		Configure::write('debug', 0);
+		ob_start();
+		$Dispatcher->dispatch('theme/test_theme/../webroot/css/test_asset.css');
+		$result = ob_get_clean();
+		$this->assertEqual(null, $result);
 		
 		ob_start();
 		$Dispatcher->dispatch('theme/test_theme/flash/theme_test.swf');

cake/tests/cases/libs/configure.test.php

@@ -222,6 +222,9 @@ class ConfigureTest extends CakeTestCase {
 
 		$result = Configure::load('config');
 		$this->assertTrue($result === null);
+		
+		$result = Configure::load('../../index');
+		$this->assertFalse($result);
 	}
 
 /**