diff options
| author | Stanislav Malyshev <stas@php.net> | 2019-05-27 21:36:05 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2019-05-27 21:36:05 -0700 |
| commit | 9d473f1eac86662c3ef14a824cb9aed03d53592f (patch) | |
| tree | 5320c517e78ca99c673c6facaf88bb7a21e6c5ca | |
| parent | 13dffa9d32ccd0a167956adb49429d71252c6a02 (diff) | |
| parent | fbb6a27212641110dd688296de43cd2a0e08a1ba (diff) | |
| download | php-git-9d473f1eac86662c3ef14a824cb9aed03d53592f.tar.gz | |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix bug #77967 - Bypassing open_basedir restrictions via file uris
| -rw-r--r-- | ext/sqlite3/sqlite3.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 43ae17297e..6ae049a740 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -2067,6 +2067,15 @@ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *ar case SQLITE_ATTACH: { if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) { + if (strncmp(arg3, "file:", 5) == 0) { + /* starts with "file:" */ + if (!arg3[5]) { + return SQLITE_DENY; + } + if (php_check_open_basedir(arg3 + 5)) { + return SQLITE_DENY; + } + } if (php_check_open_basedir(arg3)) { return SQLITE_DENY; } |