diff options
| -rwxr-xr-x | main/streams.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/main/streams.c b/main/streams.c index e820e53d18..e7e576f155 100755 --- a/main/streams.c +++ b/main/streams.c @@ -1518,7 +1518,16 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char filename_length = strlen(filename); /* Relative path open */ - if (*filename == '.') { + if (*filename == '.' && (*(filename+1) == '/' || *(filename+1) == '.')) { + /* further checks, we could have ....... filenames */ + ptr = filename + 1; + if (ptr == '.') { + while (*(++ptr) == '.'); + if (ptr != '/') { /* not a relative path after all */ + goto not_relative_path; + } + } + if (php_check_open_basedir(filename TSRMLS_CC)) { return NULL; @@ -1535,6 +1544,8 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char * safe mode GID/UID checks */ + not_relative_path: + /* Absolute path open */ if (IS_ABSOLUTE_PATH(filename, filename_length)) { |