author | Christoph M. Becker <cmb@php.net> | 2015-08-14 17:18:35 +0200 |
---|---|---|
committer | Christoph M. Becker <cmb@php.net> | 2015-08-14 17:18:35 +0200 |
commit | fc444896af3bfd6c051913b6f0db49f3376e586b (patch) | |
tree | 641e2667b3444066ac4e96f8726a326642312ccd | |
parent | 2af19fb50a593faaba53a8b0980bae93e89fbbb2 (diff) | |
parent | 23d0b938930717c54e77e56c0985a8e47b3a79ae (diff) | |
download | php-git-fc444896af3bfd6c051913b6f0db49f3376e586b.tar.gz |
Merge branch 'PHP-5.6'
* PHP-5.6:
Fix #70264: CLI server directory traversal
-rw-r--r-- | sapi/cli/php_cli_server.c | 12 | ||||
-rw-r--r-- | sapi/cli/tests/bug70264.phpt | 21 |
2 files changed, 33 insertions, 0 deletions
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index 9c00fa0bdf..709154da70 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -1469,6 +1469,18 @@ static void normalize_vpath(char **retval, size_t *retval_len, const char *vpath
 decoded_vpath_end = decoded_vpath + php_url_decode(decoded_vpath, (int)vpath_len);
+#ifdef PHP_WIN32
+ {
+ char *p = decoded_vpath;
+
+ do {
+ if (*p == '\\') {
+ *p = '/';
+ }
+ } while (*p++);
+ }
+#endif
+
 p = decoded_vpath;
 if (p < decoded_vpath_end && *p == '/') {
diff --git a/sapi/cli/tests/bug70264.phpt b/sapi/cli/tests/bug70264.phpt
new file mode 100644
index 0000000000..877b1194f2
--- /dev/null
+++ b/sapi/cli/tests/bug70264.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #70264 (CLI server directory traversal)
+--INI--
+allow_url_fopen=1
+--SKIPIF--
+<?php
+include "skipif.inc";
+?>
+--FILE--
+<?php
+include "php_cli_server.inc";
+php_cli_server_start(null, null);
+echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/..\\CREDITS");
+echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/..%5CCREDITS");
+?>
+--EXPECTF--
+Warning: file_get_contents(http://%s/..\CREDITS): failed to open stream: HTTP request failed! HTTP/1.0 404 Not Found
+ in %sbug70264.php on line %d
+
+Warning: file_get_contents(http://%s/..%5CCREDITS): failed to open stream: HTTP request failed! HTTP/1.0 404 Not Found
+ in %sbug70264.php on line %d |
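Review bot: The backslash-to-slash loop in the new PHP_WIN32 block stops at the first NUL byte rather than at decoded_vpath_end, which is the bound the surrounding code uses (`if (p < decoded_vpath_end && *p == '/')`), so a decoded path that contains an embedded NUL would keep any backslashes that follow it unconverted; whether such a path can reach this point depends on code outside the hunk, so this is a consistency and defence-in-depth point rather than a confirmed bypass. Bounding the scan the same way, `for (char *q = decoded_vpath; q < decoded_vpath_end; q++) { if (*q == '\\') *q = '/'; }`, also avoids the inner `char *p` shadowing the function's outer `p`, which the next context line assigns. A short why-comment above the block would help the next reader, e.g. `/* Windows also treats '\' as a path separator; fold it to '/' after URL-decoding so that "..\" is seen by the traversal checks that follow */`. normalize_vpath starts and ends outside the hunk.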