From 143badba52749ccaadd2b3eb3fad9be28f6e02b2 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Tue, 10 Jul 2007 17:40:41 +0000
Subject: [PATCH] always check save_path (issue reported by Maksymilian
 Arciemowicz)

---
 ext/session/mod_files.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index ddb9376047..cd5bda2204 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -294,6 +294,14 @@ PS_OPEN_FUNC(files)
 	}
 	save_path = argv[argc - 1];
 
+	if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+		return FAILURE;
+	}
+
+	if (PG(open_basedir) && php_check_open_basedir(save_path TSRMLS_CC)) {
+		return FAILURE;
+	}
+
 	data = emalloc(sizeof(*data));
 	memset(data, 0, sizeof(*data));
 	
@@ -304,7 +312,7 @@ PS_OPEN_FUNC(files)
 	data->basedir = estrndup(save_path, data->basedir_len);
 	
 	PS_SET_MOD_DATA(data);
-	
+
 	return SUCCESS;
 }
 
-- 
2.50.1