From e949850881e5f2f4897c3fd4dfe0f161fc9e0adb Mon Sep 17 00:00:00 2001
From: Shane Caraveo
Date: Thu, 27 Mar 2003 17:52:33 +0000
Subject: handle invalid paths passed to us from iis
---
 sapi/cgi/cgi_main.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'sapi/cgi/cgi_main.c')
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 5d99c2244f..2295d94e2a 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -827,7 +827,9 @@ static void init_request_info(TSRMLS_D)
 #endif
 SG(request_info).request_method = sapi_cgibin_getenv("REQUEST_METHOD",0 TSRMLS_CC);
 SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING",0 TSRMLS_CC);
- if (script_path_translated)
+ /* some server configurations allow '..' to slip through in the
+ translated path. We'll just refuse to handle such a path. */
+ if (script_path_translated && !strstr(script_path_translated,".."))
 SG(request_info).path_translated = estrdup(script_path_translated);
 SG(request_info).content_type = (content_type ? content_type : "" );
 SG(request_info).content_length = (content_length?atoi(content_length):0);
--
cgit v1.2.1
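Review bot: The new guard on `script_path_translated` only skips the `estrdup` assignment; nothing in this hunk fails the request or records that a path was rejected, so "refuse to handle" holds only if the code that later reads `SG(request_info).path_translated` treats a value that was never set here as an error, and that code is outside the hunk. The `strstr(script_path_translated,"..")` test is also a substring match rather than a path-component match, so a legitimate file name such as `report..v2.php` (constructed example) is dropped too; matching `..` only where it is bounded by a path separator or the ends of the string would be more precise. I would at least extend the comment to state the contract, e.g. `/* path_translated is not set for such a request; later code must treat that as "no script" */`. `init_request_info` begins and continues outside the hunk, so any other use of `script_path_translated` in the function should be checked for the same guard.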