Disable path resolution for filenames with stream wrappers

More careful check for relative pathes (./xxx and ../xxx)

diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index d54e26aa72ba5e265ef24968f0acdcc5221e6b27..5aa95c19c036e19b9e8b7911a000c7e7aabb6b85 100644 (file)
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -454,13 +454,21 @@ PHPAPI char *php_resolve_path(const char *filename, int filename_length, const c
 {
        char resolved_path[MAXPATHLEN];
        char trypath[MAXPATHLEN];
-       char *ptr, *end;
+       const char *ptr, *end, *p;
 
        if (!filename) {
                return NULL;
        }
 
-       if (*filename == '.' ||
+       /* Don't resolve patches which contain protocol */
+       for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+    if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
+       return NULL;
+    }
+
+       if ((*filename == '.' && 
+            (IS_SLASH(filename[1]) || 
+             ((filename[1] == '.') && IS_SLASH(filename[2])))) ||
            IS_ABSOLUTE_PATH(filename, filename_length) ||
            !path ||
            !*path) {