always check save_path (issue reported by Maksymilian Arciemowicz)

author: Stanislav Malyshev <stas@php.net> 2007-07-10 17:40:41 +0000
committer: Stanislav Malyshev <stas@php.net> 2007-07-10 17:40:41 +0000
commit: 143badba52749ccaadd2b3eb3fad9be28f6e02b2 (patch)
tree: e38062ed10e8a02575c1f2de134680858cf9b3c1 /ext/session/mod_files.c
parent: 90fd8fd7e859bcf513e14ba1bbaa2dde3cd32239 (diff)
download: php-git-143badba52749ccaadd2b3eb3fad9be28f6e02b2.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index ddb9376047..cd5bda2204 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -294,6 +294,14 @@ PS_OPEN_FUNC(files)
 	}
 	save_path = argv[argc - 1];
 
+	if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+		return FAILURE;
+	}
+
+	if (PG(open_basedir) && php_check_open_basedir(save_path TSRMLS_CC)) {
+		return FAILURE;
+	}
+
 	data = emalloc(sizeof(*data));
 	memset(data, 0, sizeof(*data));
 	
@@ -304,7 +312,7 @@ PS_OPEN_FUNC(files)
 	data->basedir = estrndup(save_path, data->basedir_len);
 	
 	PS_SET_MOD_DATA(data);
-	
+
 	return SUCCESS;
 }
author	Stanislav Malyshev <stas@php.net>	2007-07-10 17:40:41 +0000
committer	Stanislav Malyshev <stas@php.net>	2007-07-10 17:40:41 +0000
commit	143badba52749ccaadd2b3eb3fad9be28f6e02b2 (patch)
tree	e38062ed10e8a02575c1f2de134680858cf9b3c1 /ext/session/mod_files.c
parent	90fd8fd7e859bcf513e14ba1bbaa2dde3cd32239 (diff)
download	php-git-143badba52749ccaadd2b3eb3fad9be28f6e02b2.tar.gz