diff options
| author | Stanislav Malyshev <stas@php.net> | 2007-07-10 17:50:46 +0000 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2007-07-10 17:50:46 +0000 |
| commit | f7c7f5df59686b172b7246e487c74d9ea85fed29 (patch) | |
| tree | dffbf47294a7aba9efd7785b4fcc48c6a00d9936 | |
| parent | 7869d9d068e1f35f07f06aa824914ae3a664752a (diff) | |
| download | php-git-f7c7f5df59686b172b7246e487c74d9ea85fed29.tar.gz | |
always check save_path (issue reported by Maksymilian Arciemowicz)
| -rw-r--r-- | ext/session/mod_files.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 2fbd07e31f..84fb778b96 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -264,6 +264,14 @@ PS_OPEN_FUNC(files) } save_path = p + 1; } + + if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_ALLOW_ONLY_DIR))) { + return FAILURE; + } + if (php_check_open_basedir(save_path TSRMLS_CC)) { + return FAILURE; + } + data->basedir_len = strlen(save_path); data->basedir = estrndup(save_path, data->basedir_len); |