From: Felipe Pena Date: Wed, 21 Apr 2010 22:22:31 +0000 (+0000) Subject: - Fixed bug #51627 (script path not correctly evaluated) X-Git-Tag: php-5.3.3RC1~284 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ee185c604a33bedcca0a5d93f084002342578fbe;p=php - Fixed bug #51627 (script path not correctly evaluated) Patch by: russell dot tempero at rightnow dot com --- diff --git a/NEWS b/NEWS index dd3e2562fe..988e8fc5c8 100644 --- a/NEWS +++ b/NEWS @@ -18,6 +18,8 @@ PHP NEWS requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) +- Fixed bug #51627 (script path not correctly evaluated). + (russell dot tempero at rightnow dot com) - Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe) - Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter). (Felipe) diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c index f7bd5107e1..70ae442655 100644 --- a/main/fopen_wrappers.c +++ b/main/fopen_wrappers.c @@ -435,8 +435,8 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC) } } else #endif - if (PG(doc_root) && path_info && (length = strlen(PG(doc_root)) && - IS_ABSOLUTE_PATH(PG(doc_root), length))) { + if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) && + IS_ABSOLUTE_PATH(PG(doc_root), length)) { filename = emalloc(length + strlen(path_info) + 2); if (filename) { memcpy(filename, PG(doc_root), length);