diff options
Diffstat (limited to 'ext/sqlite3/sqlite3.c')
-rw-r--r-- | ext/sqlite3/sqlite3.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 7e7a3a0454..9e70f06651 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -2034,6 +2034,15 @@ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *ar case SQLITE_ATTACH: { if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) { + if (strncmp(arg3, "file:", 5) == 0) { + /* starts with "file:" */ + if (!arg3[5]) { + return SQLITE_DENY; + } + if (php_check_open_basedir(arg3 + 5)) { + return SQLITE_DENY; + } + } if (php_check_open_basedir(arg3)) { return SQLITE_DENY; } |