From 2f1c4a56af8624510c19077d91baa0e776f2cc59 Mon Sep 17 00:00:00 2001
From: Jan Schneider <jan@horde.org>
Date: Mon, 4 Jan 2010 18:51:18 +0100
Subject: [PATCH] This check doesn't work with symlinks, and It's look overly
 cautious, because the url is always coming from the configuration file
 afaict.

---
 horde/services/prefs.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/horde/services/prefs.php b/horde/services/prefs.php
index e524318a7..172e1ce9d 100644
--- a/horde/services/prefs.php
+++ b/horde/services/prefs.php
@@ -62,9 +62,8 @@ try {
 /* See if this group has a custom URL. */
 if ($group && !empty($prefGroups[$group]['url'])) {
     $pref_url = $prefGroups[$group]['url'];
-    $filename = realpath($appbase . '/' . $pref_url);
-    if (file_exists($filename) &&
-        (strpos($filename, $appbase) === 0)) {
+    $filename = $appbase . '/' . $pref_url;
+    if (file_exists($filename)) {
         require $filename;
         return;
     }
-- 
2.11.0