diff options
Diffstat (limited to 'ext')
-rw-r--r-- | ext/zip/php_zip.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index e618d8b9e7..88e5e88e12 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -616,16 +616,27 @@ static PHP_FUNCTION(zip_open) { char *filename; int filename_len; + char resolved_path[MAXPATHLEN + 1]; zip_rsrc *rsrc_int; int err = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, &filename_len) == FAILURE) { return; } + + if (filename_len == 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty string as source"); + RETURN_FALSE; + } + if (OPENBASEDIR_CHECKPATH(filename)) { RETURN_FALSE; } + if(!expand_filepath(filename, resolved_path TSRMLS_CC)) { + RETURN_FALSE; + } + rsrc_int = (zip_rsrc *)emalloc(sizeof(zip_rsrc)); rsrc_int->za = zip_open(filename, 0, &err); |