From ed5ca9e4ccb2741c33ac2c88082728066bc715fb Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Fri, 18 Dec 2015 14:55:19 -0800
Subject: [PATCH] use realpath to bypass symlinks and check actually directory
---
 include/comanche.php | 2 +-
 include/plugin.php | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/include/comanche.php b/include/comanche.php
index 5bffc3dbf..1537226ca 100644
--- a/include/comanche.php
+++ b/include/comanche.php
@@ -287,7 +287,7 @@ function comanche_widget($name, $text) {
 if(! function_exists($func)) {
 if(file_exists('widget/' . trim($name) . '.php'))
 require_once('widget/' . trim($name) . '.php');
- elseif(is_dir('widget/'. trim($name))
+ elseif(folder_exists('widget/'. trim($name))
 && (file_exists('widget/' . trim($name) . '/' . trim($name) . '.php')))
 require_once('widget/' . trim($name) . '/' . trim($name) . '.php');
 }
diff --git a/include/plugin.php b/include/plugin.php
index 1f4d60736..4a35a0170 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -636,3 +636,13 @@ function get_std_version() {
 return STD_VERSION;
 return '0.0.0';
 }
+
+
+function folder_exists($folder)
+{
+ // Get canonicalized absolute pathname
+ $path = realpath($folder);
+
+ // If it exist, check if it's a directory
+ return (($path !== false) && is_dir($path)) ? $path : false;
+}
\ No newline at end of file
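Review bot: The canonical path returned by `folder_exists()` is thrown away in the `elseif`, so the `file_exists()` and `require_once()` that follow still use the unresolved `'widget/' . trim($name)` string, and nothing confirms that the resolved directory lies under `widget/`. PHP's `is_dir()` already resolves symlinks, so the swap on its own leaves the include decision largely as it was. If `$name` can come from layout text that is not fully trusted (not visible in this hunk), constrain it before any path is built, for example by requiring `preg_match('/^[A-Za-z0-9_]+$/', trim($name))` or whatever pattern matches the project's widget names, or by comparing the resolved path against `realpath('widget') . DIRECTORY_SEPARATOR`. The first branch (`widget/NAME.php`) builds its path the same way, and `comanche_widget()` begins and ends outside the hunk.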
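Review bot: `folder_exists()` reads like a boolean predicate but returns the canonical path string on success and `false` otherwise, and nothing in the added function documents that contract. A docblock above it should state the return type (`string|false`), that a relative `$folder` is resolved by `realpath()` against the current working directory, and that callers wanting symlink-safe behaviour must use the returned path rather than the string they passed in. The inline comment would read better as `// If it exists, check that it is a directory`, and the file should end with a newline.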