authorShane Caraveo <shane@php.net>2003-03-27 17:57:58 +0000
committerShane Caraveo <shane@php.net>2003-03-27 17:57:58 +0000
commitce2edd18c7c18743ce71ec8c8a7dcd671f753750 (patch)
tree027c54fbf2355cd2a0be2604509f9e0cf702b7f4 /sapi/isapi
parentf85ea33a983a0da23c9b2afd723fe536659c9f67 (diff)
MFH
Diffstat (limited to 'sapi/isapi')
-rw-r--r--sapi/isapi/php4isapi.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/sapi/isapi/php4isapi.c b/sapi/isapi/php4isapi.c
index b496d4344c..fc8f5d9667 100644
--- a/sapi/isapi/php4isapi.c
+++ b/sapi/isapi/php4isapi.c
@@ -744,16 +744,22 @@ DWORD WINAPI HttpExtensionProc(LPEXTENSION_CONTROL_BLOCK lpECB)
* variable won't be present, so fall back to old behaviour.
*/
efree( file_handle.filename );
- file_handle.filename = SG(request_info.path_translated);
+ file_handle.filename = SG(request_info).path_translated;
file_handle.free_filename = 0;
}
}
#else
- file_handle.filename = SG(request_info.path_translated);
+ file_handle.filename = SG(request_info).path_translated;
file_handle.free_filename = 0;
#endif
file_handle.type = ZEND_HANDLE_FILENAME;
file_handle.opened_path = NULL;
+ /* some server configurations allow '..' to slip through in the
+ translated path. We'll just refuse to handle such a path. */
+ if (strstr(SG(request_info).path_translated,"..")) {
+ SG(sapi_headers).http_response_code = 404;
+ SG(request_info).path_translated = NULL;
+ }
php_request_startup(TSRMLS_C);
php_execute_script(&file_handle TSRMLS_CC);
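Review bot: The new `..` check only sets the 404 code and clears `SG(request_info).path_translated`; `file_handle.filename` was assigned from that same string in the visible fallback and `#else` paths, and `php_execute_script(&file_handle TSRMLS_CC)` still runs unconditionally, so on the visible lines the rejected path is still handed to the executor. I would make the refusal explicit by recording the rejection and skipping the execute call for it, for example `if (SG(request_info).path_translated) php_execute_script(&file_handle TSRMLS_CC);`, after confirming the 404 is still emitted on that path. Two smaller points: `strstr()` is called without a NULL check on `path_translated`, and overwriting the pointer with NULL without `efree()` looks like a leak if the string was allocated during request setup, which the hunk does not show. `HttpExtensionProc` starts and ends outside the hunk, so cleanup further down may change this picture.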