Merge branch '1.x' into 2.x

* 1.x:
  Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)

Author: fabpot

src/Loader/FilesystemLoader.php

@@ -206,9 +206,9 @@ protected function findTemplate($name, $throw = true)
         }
 
         try {
-            $this->validateName($name);
-
             list($namespace, $shortname) = $this->parseName($name);
+
+            $this->validateName($shortname);
         } catch (LoaderError $e) {
             if (!$throw) {
                 return false;

tests/Loader/FilesystemTest.php

@@ -32,6 +32,7 @@ public function testGetSourceContext()
     public function testSecurity($template)
     {
         $loader = new FilesystemLoader([__DIR__.'/../Fixtures']);
+        $loader->addPath(__DIR__.'/../Fixtures', 'foo');
 
         try {
             $loader->getCacheKey($template);
@@ -63,6 +64,10 @@ public function getSecurityTests()
             ['filters\\\\..\\\\..\\\\AutoloaderTest.php'],
             ['filters\\//../\\/\\..\\AutoloaderTest.php'],
             ['/../AutoloaderTest.php'],
+            ['@__main__/../AutoloaderTest.php'],
+            ['@foo/../AutoloaderTest.php'],
+            ['@__main__/../../AutoloaderTest.php'],
+            ['@foo/../../AutoloaderTest.php'],
         ];
     }