From 7705272218a81a4864e72b57e010cdc45a0802c5 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@php.net>
Date: Thu, 13 Mar 2008 14:09:54 +0000
Subject: Disable path resolution for filenames with stream wrappers More
 careful check for relative pathes (./xxx and ../xxx)

---
 main/fopen_wrappers.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'main/fopen_wrappers.c')

diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index 3fa92b121f..d686a303ac 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -446,13 +446,21 @@ PHPAPI char *php_resolve_path(const char *filename, int filename_length, const c
 {
 	char resolved_path[MAXPATHLEN];
 	char trypath[MAXPATHLEN];
-	char *ptr, *end;
+	const char *ptr, *end, *p;
 
 	if (!filename) {
 		return NULL;
 	}
 
-	if (*filename == '.' ||
+	/* Don't resolve patches which contain protocol */
+	for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+    if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
+    	return NULL;
+    }
+
+	if ((*filename == '.' && 
+	     (IS_SLASH(filename[1]) || 
+	      ((filename[1] == '.') && IS_SLASH(filename[2])))) ||
 	    IS_ABSOLUTE_PATH(filename, filename_length) ||
 	    !path ||
 	    !*path) {
-- 
cgit v1.2.1