diff options
| author | Sascha Schumann <sas@php.net> | 1999-10-21 12:28:36 +0000 |
|---|---|---|
| committer | Sascha Schumann <sas@php.net> | 1999-10-21 12:28:36 +0000 |
| commit | 4703eb404da486fab544f30800bd4dcadca5d0ea (patch) | |
| tree | 64e3078be02f41d0d25faaf74bc2ba34b9717643 | |
| parent | 230556b646fd781a3aabb22126df12d079a8f49e (diff) | |
| download | php-git-4703eb404da486fab544f30800bd4dcadca5d0ea.tar.gz | |
(_ps_files_open): evaluate key (session id) before path creation
| -rw-r--r-- | ext/session/mod_files.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 5fa71295b7..b8cb0f7716 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -61,6 +61,32 @@ ps_module ps_mod_files = { #define DIR_DELIMITER '/' #endif +static int _ps_files_valid_key(const char *key) +{ + size_t len; + const char *p; + char c; + int ret = 1; + + for(p = key; (c = *p); p++) { + /* valid characters are a..z,A..Z,0..9 */ + if(!(c >= 'a' && c <= 'z') || + (c >= 'A' && c <= 'Z') || + (c >= '0' && c <= '9')) { + ret = 0; + break; + } + } + + len = p - key; + + if(len == 0) { + ret = 0; + } + + return ret; +} + static char *_ps_files_path_create(char *buf, size_t buflen, ps_files *data, const char *key) { int keylen; @@ -98,7 +124,8 @@ static void _ps_files_open(ps_files *data, const char *key) data->fd = -1; } - if(!_ps_files_path_create(buf, sizeof(buf), data, key)) + if(!_ps_files_valid_key(key) || + !_ps_files_path_create(buf, sizeof(buf), data, key)) return; data->lastkey = estrdup(key); |