diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2007-05-27 17:33:39 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2007-05-27 17:33:39 +0000 |
| commit | 6f61e8472780eae3ddcb566baefba0538ea53059 (patch) | |
| tree | b6833f9133b13a93432a1259f0f043b1f7ae0cd0 /ext/standard/file.c | |
| parent | d2ec6b60da260fa0061340645aa80ec77b6234e4 (diff) | |
| download | php-git-6f61e8472780eae3ddcb566baefba0538ea53059.tar.gz | |
Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()).
Diffstat (limited to 'ext/standard/file.c')
| -rw-r--r-- | ext/standard/file.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/standard/file.c b/ext/standard/file.c index 870972b366..e6dd5d71a4 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -2371,6 +2371,14 @@ PHP_FUNCTION(realpath) convert_to_string_ex(path); if (VCWD_REALPATH(Z_STRVAL_PP(path), resolved_path_buff)) { + if (PG(safe_mode) && (!php_checkuid(resolved_path_buff, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } + + if (php_check_open_basedir(resolved_path_buff TSRMLS_CC)) { + RETURN_FALSE; + } + #ifdef ZTS if (VCWD_ACCESS(resolved_path_buff, F_OK)) { RETURN_FALSE; |