From: Stanislav Malyshev <stas@php.net>
Date: Tue, 10 Jul 2007 17:40:41 +0000 (+0000)
Subject: always check save_path (issue reported by Maksymilian Arciemowicz)
X-Git-Tag: php-5.2.4RC1~196
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=143badba52749ccaadd2b3eb3fad9be28f6e02b2;p=php

always check save_path (issue reported by Maksymilian Arciemowicz)
---

diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index ddb9376047..cd5bda2204 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -294,6 +294,14 @@ PS_OPEN_FUNC(files)
 	}
 	save_path = argv[argc - 1];
 
+	if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+		return FAILURE;
+	}
+
+	if (PG(open_basedir) && php_check_open_basedir(save_path TSRMLS_CC)) {
+		return FAILURE;
+	}
+
 	data = emalloc(sizeof(*data));
 	memset(data, 0, sizeof(*data));
 	
@@ -304,7 +312,7 @@ PS_OPEN_FUNC(files)
 	data->basedir = estrndup(save_path, data->basedir_len);
 	
 	PS_SET_MOD_DATA(data);
-	
+
 	return SUCCESS;
 }