- Fixed bug #51627 (script path not correctly evaluated)

  Patch by: russell dot tempero at rightnow dot com

diff --git a/NEWS b/NEWS
index dd3e2562fe22930dac916ee758cbfe8324d48533..988e8fc5c8054cf39a6cd7d400b7b20d83cc06ac 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,8 @@ PHP                                                                        NEWS
   requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
 - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) 
 
+- Fixed bug #51627 (script path not correctly evaluated).
+  (russell dot tempero at rightnow dot com)
 - Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
 - Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
   (Felipe)

diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index f7bd5107e135b6e7ce70f53e5236ff446d969a7c..70ae44265520c282b5f17af6f5804c0d8cf27afc 100644 (file)
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -435,8 +435,8 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
                }
        } else
 #endif
-       if (PG(doc_root) && path_info && (length = strlen(PG(doc_root)) &&
-               IS_ABSOLUTE_PATH(PG(doc_root), length))) {
+       if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
+               IS_ABSOLUTE_PATH(PG(doc_root), length)) {
                filename = emalloc(length + strlen(path_info) + 2);
                if (filename) {
                        memcpy(filename, PG(doc_root), length);