Merge branch 'PHP-5.6'

* PHP-5.6: Fix #70264: CLI server directory traversal
author: Christoph M. Becker <cmb@php.net> 2015-08-14 17:18:35 +0200
committer: Christoph M. Becker <cmb@php.net> 2015-08-14 17:18:35 +0200
commit: fc444896af3bfd6c051913b6f0db49f3376e586b (patch)
tree: 641e2667b3444066ac4e96f8726a326642312ccd /sapi/cli/php_cli_server.c
parent: 2af19fb50a593faaba53a8b0980bae93e89fbbb2 (diff)
parent: 23d0b938930717c54e77e56c0985a8e47b3a79ae (diff)
download: php-git-fc444896af3bfd6c051913b6f0db49f3376e586b.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index 9c00fa0bdf..709154da70 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -1469,6 +1469,18 @@ static void normalize_vpath(char **retval, size_t *retval_len, const char *vpath
 
 	decoded_vpath_end = decoded_vpath + php_url_decode(decoded_vpath, (int)vpath_len);
 
+#ifdef PHP_WIN32
+	{
+		char *p = decoded_vpath;
+		
+		do {
+			if (*p == '\\') {
+				*p = '/';
+			}
+		} while (*p++);
+	}
+#endif
+
 	p = decoded_vpath;
 
 	if (p < decoded_vpath_end && *p == '/') {
author	Christoph M. Becker <cmb@php.net>	2015-08-14 17:18:35 +0200
committer	Christoph M. Becker <cmb@php.net>	2015-08-14 17:18:35 +0200
commit	fc444896af3bfd6c051913b6f0db49f3376e586b (patch)
tree	641e2667b3444066ac4e96f8726a326642312ccd /sapi/cli/php_cli_server.c
parent	2af19fb50a593faaba53a8b0980bae93e89fbbb2 (diff)
parent	23d0b938930717c54e77e56c0985a8e47b3a79ae (diff)
download	php-git-fc444896af3bfd6c051913b6f0db49f3376e586b.tar.gz