From 154f70acf1560bd6633cf7cce1efe1528f35c36f Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Sun, 1 Oct 2006 20:58:02 +0000
Subject: [PATCH] Fixed bug #38993 (Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters).
---
 NEWS | 2 ++
 ext/session/session.c | 12 ++++++++++--
 ext/standard/basic_functions.c | 1 -
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/NEWS b/NEWS
index f774d37bf1..a48a14a18f 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ PHP NEWS
 - Fixed mess with CGI/CLI -d option (now it works with cgi; constants are working exactly like in php.ini; with FastCGI -d affects all requests). (Dmitry)
+- Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
+ session.save_path, allowing them to account for extra parameters). (Ilia)
 - Fixed bug #38981 (using FTP URLs in get_headers() causes crash). (Tony)
 - Fixed bug #38961 (metaphone() results in segmentation fault on NetBSD). (Tony)
diff --git a/ext/session/session.c b/ext/session/session.c
index 3078cff9fc..1d6f991b14 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -154,11 +154,19 @@ static PHP_INI_MH(OnUpdateSaveDir)
 {
 /* Only do the safemode/open_basedir check at runtime */
 if (stage == PHP_INI_STAGE_RUNTIME) {
- if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ char *p;
+
+ if ((p = zend_memrchr(new_value, ';', new_value_length))) {
+ p++;
+ } else {
+ p = new_value;
+ }
+
+ if (PG(safe_mode) && (!php_checkuid(p, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
 return FAILURE;
 }
- if (php_check_open_basedir(new_value TSRMLS_CC)) {
+ if (php_check_open_basedir(p TSRMLS_CC)) {
 return FAILURE;
 }
 }
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 7beb9deb92..78bfea7ed9 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
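Review bot: In OnUpdateSaveDir (ext/session/session.c), `zend_memrchr(new_value, ';', new_value_length)` validates only the text after the last `;`, which is the right string only if the save handler also splits the value at its last delimiter. The handler is not visible in this patch, so this is inferred: if it consumes a fixed number of leading fields instead, a value carrying one more `;` has one string checked against safe_mode/open_basedir and a different, longer string used as the directory. The same commit drops `session.save_path` from the ini_set() path list in basic_functions.c, so this handler becomes the only gate and its parse should mirror the handler's, scanning from the front with `strchr` and skipping at most two prefix fields. A value ending in `;` also leaves `p` on an empty string, which is better rejected explicitly than left to however the two checks treat it. The function body continues past the end of the hunk.

```c
		char *p;

		/* Split from the front so the string that is checked is the
		 * same path the save handler will end up using; a directory
		 * name may itself contain ';'. */
		if ((p = strchr(new_value, ';'))) {
			char *p2;

			p++;
			if ((p2 = strchr(p, ';'))) {
				p = p2 + 1;
			}
		} else {
			p = new_value;
		}

		/* An empty path after the prefix is not a usable directory. */
		if (*p == '\0' && p != new_value) {
			return FAILURE;
		}
		/* … unchanged: safe_mode and open_basedir checks on p … */
```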
@@ -5622,7 +5622,6 @@ PHP_FUNCTION(ini_set)
 _CHECK_PATH(varname, "java.class.path") ||
 _CHECK_PATH(varname, "java.home") ||
 _CHECK_PATH(varname, "java.library.path") ||
- _CHECK_PATH(varname, "session.save_path") ||
 _CHECK_PATH(varname, "vpopmail.directory")) {
 if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(new_value), NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 zval_dtor(return_value);
-- 
2.50.1