data->lastkey = estrdup(key);
- /* O_NOFOLLOW to prevent us from following evil symlinks */
+ /* O_NOFOLLOW to prevent us from following evil symlinks */
#ifdef O_NOFOLLOW
- data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode);
+ data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode);
#else
- /* Check to make sure that the opened file is not outside of allowable dirs.
- This is not 100% safe but it's hard to do something better without O_NOFOLLOW */
- if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
- return;
- }
- data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode);
+ /* Check to make sure that the opened file is not outside of allowable dirs.
+ This is not 100% safe but it's hard to do something better without O_NOFOLLOW */
+ if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
+ return;
+ }
+ data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode);
#endif
if (data->fd != -1) {
#ifndef PHP_WIN32
- /* check that this session file was created by us or root – we
- don't want to end up accepting the sessions of another webapp */
- if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) {
+ /* check that this session file was created by us or root – we
+ don't want to end up accepting the sessions of another webapp */
+ if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) {
close(data->fd);
data->fd = -1;
return;
- }
+ }
#endif
flock(data->fd, LOCK_EX);
projects / php / commitdiff