Uninitialized string offset when _realpath is empty in Net\SFTP.php

[mnewnham]

phpseclib version 2.0.27
program NET\SFTP.php
function _realpath

Issue

if empty value is passed to _realpath as the value of $path, the following error is generated:

uninitialized string offset: 0, line 722

Solution

Change line 722 from

if ($path[0] != '/') {

to

if ($path && $path[0] != '/') {

[terrafrost]

With your proposed changes $sftp->realpath('') would return /. It's not immediately obvious what it ought to return but my gut says that it'd be better if it returned the same thing that $sftp->realpath('.') returned? This could be faciliated by doing if (!strlen($path) || $path[0] != '/') { or if (!$path || $path[0] != '/') {.

Do you have any strong opinion on / or $sftp->realpath('.') ?

[mnewnham]

I have no real opinion on this as I simply don't know enough on the subject. The fix was the one I applied to make the problem go away and to not change any paths in my own use case

[terrafrost]

https://www.php.net/realpath treats '' and '.' the same way so I went ahead and went with that route:

a07f5bc