Bugfix #25056

1 files changed, 13 insertions, 5 deletions

diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index 2c4b69b175..07a33a9d5b 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -1107,7 +1107,7 @@ PHP_FUNCTION(sqlite_popen)
 PHP_FUNCTION(sqlite_open)
 {
 	int mode = 0666;
-	char *filename;
+	char *filename, *fullpath = NULL;
 	long filename_len;
 	zval *errmsg = NULL;
 	zval *object = getThis();
@@ -1123,17 +1123,22 @@ PHP_FUNCTION(sqlite_open)
 	}
 
 	if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
-		if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+		/* resolve the fully-qualified path name to use as the hash key */
+		fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+	
+		if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 			php_set_error_handling(EH_NORMAL, NULL TSRMLS_CC);
+			efree(fullpath);
 			if (object) {
 				RETURN_NULL();
 			} else {
 				RETURN_FALSE;
 			}
 		}
-	
-		if (php_check_open_basedir(filename TSRMLS_CC)) {
+
+		if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 			php_set_error_handling(EH_NORMAL, NULL TSRMLS_CC);
+			efree(fullpath);
 			if (object) {
 				RETURN_NULL();
 			} else {
@@ -1142,8 +1147,11 @@ PHP_FUNCTION(sqlite_open)
 		}
 	}
 
-	php_sqlite_open(filename, mode, NULL, return_value, errmsg, object TSRMLS_CC);
+	php_sqlite_open(fullpath?fullpath:filename, mode, NULL, return_value, errmsg, object TSRMLS_CC);
 
+	if (fullpath) {
+		efree(fullpath);
+	}
 	php_set_error_handling(EH_NORMAL, NULL TSRMLS_CC);
 }
 /* }}} */