Fix open_basedir check for glob:// opendir wrapper

php_check_open_basedir() expects a local filesystem path,
but we're handing it a `glob://...` URI instead.

Move the check to after the path trim so that we're checking
a meaningful pathspec.

1 files changed, 4 insertions, 4 deletions

diff --git a/main/streams/glob_wrapper.c b/main/streams/glob_wrapper.c
index 8405bef73c..90d7bef0fd 100644
--- a/main/streams/glob_wrapper.c
+++ b/main/streams/glob_wrapper.c
@@ -213,10 +213,6 @@ static php_stream *php_glob_stream_opener(php_stream_wrapper *wrapper, const cha
 	int ret;
 	const char *tmp, *pos;
 
-	if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(path TSRMLS_CC)) {
-		return NULL;
-	}
-
 	if (!strncmp(path, "glob://", sizeof("glob://")-1)) {
 		path += sizeof("glob://")-1;
 		if (opened_path) {
@@ -224,6 +220,10 @@ static php_stream *php_glob_stream_opener(php_stream_wrapper *wrapper, const cha
 		}
 	}
 
+	if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(path TSRMLS_CC)) {
+		return NULL;
+	}
+
 	pglob = ecalloc(sizeof(*pglob), 1);
 	
 	if (0 != (ret = glob(path, pglob->flags & GLOB_FLAGMASK, NULL, &pglob->glob))) {