]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d70b79a)
- add openbase_dir checks in ::open and addFile()
authorPierre Joye <pajoye@php.net>
Wed, 14 Mar 2007 12:02:40 +0000 (12:02 +0000)
committerPierre Joye <pajoye@php.net>
Wed, 14 Mar 2007 12:02:40 +0000 (12:02 +0000)
ext/zip/php_zip.c patch | blob | history

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 393b5c28ff8fb8d19f674eeaee4cbe874865edba..83af1280d3a08eb9e391c4f4465d4c8724a649f3 100644 (file)
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -927,6 +927,10 @@ static ZIPARCHIVE_METHOD(open)
                RETURN_FALSE;
        }
 
+       if (OPENBASEDIR_CHECKPATH(filename)) {
+               RETURN_FALSE;
+       }
+
        if(!expand_filepath(filename, resolved_path TSRMLS_CC)) {
                RETURN_FALSE;
        }
@@ -1067,6 +1071,10 @@ static ZIPARCHIVE_METHOD(addFile)
                }
        }
 
+       if (OPENBASEDIR_CHECKPATH(filename)) {
+               RETURN_FALSE;
+       }
+
        if(!expand_filepath(filename, resolved_path TSRMLS_CC)) {
                if (Z_TYPE_PP(filename_zval) == IS_UNICODE) {
                        efree(entry_name);
Unnamed repository; edit this file 'description' to name the repository.