diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2006-09-16 18:10:32 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2006-09-16 18:10:32 +0000 |
| commit | 4c65e0e1cd4c4907b203c8dedaab726e162292db (patch) | |
| tree | 5395c306a9ac707a3bdac936a8e87e24704cb005 /ext/sqlite/pdo_sqlite2.c | |
| parent | bfc9cd7174155368c11e94f45c6e32e0e7ddb677 (diff) | |
| download | php-git-4c65e0e1cd4c4907b203c8dedaab726e162292db.tar.gz | |
Added missing validation checks around expand_filepath()
Diffstat (limited to 'ext/sqlite/pdo_sqlite2.c')
| -rw-r--r-- | ext/sqlite/pdo_sqlite2.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/sqlite/pdo_sqlite2.c b/ext/sqlite/pdo_sqlite2.c index 7788b3f8b3..0df676fec4 100644 --- a/ext/sqlite/pdo_sqlite2.c +++ b/ext/sqlite/pdo_sqlite2.c @@ -518,6 +518,10 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) if (strncmp(filename, ":memory:", sizeof(":memory:")-1)) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); + if (!fullpath) { + return NULL; + } + if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { efree(fullpath); return NULL; |