diff options
author | Pierre Joye <pajoye@php.net> | 2007-03-14 12:02:40 +0000 |
---|---|---|
committer | Pierre Joye <pajoye@php.net> | 2007-03-14 12:02:40 +0000 |
commit | 4a13ef4b17c8a6be4cdfbcef36ebb5cf137a222d (patch) | |
tree | 184c98365a3b457863bac636417719759368774e | |
parent | d70b79a153ba63bb173db86940074105603042f9 (diff) | |
download | php-git-4a13ef4b17c8a6be4cdfbcef36ebb5cf137a222d.tar.gz |
- add openbase_dir checks in ::open and addFile()
-rw-r--r-- | ext/zip/php_zip.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index 393b5c28ff..83af1280d3 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -927,6 +927,10 @@ static ZIPARCHIVE_METHOD(open) RETURN_FALSE; } + if (OPENBASEDIR_CHECKPATH(filename)) { + RETURN_FALSE; + } + if(!expand_filepath(filename, resolved_path TSRMLS_CC)) { RETURN_FALSE; } @@ -1067,6 +1071,10 @@ static ZIPARCHIVE_METHOD(addFile) } } + if (OPENBASEDIR_CHECKPATH(filename)) { + RETURN_FALSE; + } + if(!expand_filepath(filename, resolved_path TSRMLS_CC)) { if (Z_TYPE_PP(filename_zval) == IS_UNICODE) { efree(entry_name); |