- Fixed a possible open_basedir/safe_mode bypass in session extension
authorPierre Joye <pajoye@php.net>
Thu, 4 Feb 2010 09:40:38 +0000 (09:40 +0000)
committerPierre Joye <pajoye@php.net>
Thu, 4 Feb 2010 09:40:38 +0000 (09:40 +0000)
ext/session/session.c

index ea3530dcdbd0b6e509cc44678607ac44f5885116..0ef856c9bfdaed42e5fe7d18d49391e2c408be77 100644 (file)
@@ -687,8 +687,13 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
                        return FAILURE;
                }
 
-               if ((p = zend_memrchr(new_value, ';', new_value_length))) {
+               /* we do not use zend_memrchr() since path can contain ; itself */
+               if ((p = strchr(new_value, ';'))) {
+                       char *p2;
                        p++;
+                       if ((p2 = strchr(p, ';'))) {
+                               p = p2 + 1;
+                       }
                } else {
                        p = new_value;
                }
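Review bot: The two-step `strchr` skip treats whatever lies between the first and second `;` as a field, so a two-field value whose directory itself contains `;` is checked from after that second `;` rather than from the start of the directory. That is only sound if the save handler that later consumes the value splits it at the same two positions, which is not visible in this hunk. The new scan also no longer uses `new_value_length`, so an embedded NUL would end it early; a guard such as `if (memchr(new_value, '\0', new_value_length)) return FAILURE;` ahead of the scan would rule that out. The comment could also spell out the accepted layout, e.g. `/* save_path is "[N;[MODE;]]path"; skip at most two leading fields, the path may itself contain ';' */`. The body of OnUpdateSaveDir starts and ends outside the hunk.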