always check save_path (issue reported by Maksymilian Arciemowicz)

author Stanislav Malyshev <stas@php.net>

Tue, 10 Jul 2007 17:40:41 +0000 (17:40 +0000)

committer Stanislav Malyshev <stas@php.net>

Tue, 10 Jul 2007 17:40:41 +0000 (17:40 +0000)
author Stanislav Malyshev <stas@php.net>
Tue, 10 Jul 2007 17:40:41 +0000 (17:40 +0000)
committer Stanislav Malyshev <stas@php.net>
Tue, 10 Jul 2007 17:40:41 +0000 (17:40 +0000)
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c

index ddb937604710eb6a5536c772a810075689ae4a6c..cd5bda22045fd661c484f0518dbc66de003c2a59 100644 (file)
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -294,6 +294,14 @@ PS_OPEN_FUNC(files)
         }
         save_path = argv[argc - 1];
  
+       if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+               return FAILURE;
+       }
+
+       if (PG(open_basedir) && php_check_open_basedir(save_path TSRMLS_CC)) {
+               return FAILURE;
+       }
+
         data = emalloc(sizeof(*data));
         memset(data, 0, sizeof(*data));
         
@@ -304,7 +312,7 @@ PS_OPEN_FUNC(files)
         data->basedir = estrndup(save_path, data->basedir_len);
         
         PS_SET_MOD_DATA(data);
-       
+
         return SUCCESS;
  }
author	Stanislav Malyshev <stas@php.net>
	Tue, 10 Jul 2007 17:40:41 +0000 (17:40 +0000)
committer	Stanislav Malyshev <stas@php.net>
	Tue, 10 Jul 2007 17:40:41 +0000 (17:40 +0000)