From ea81bfcf7a76b0d325cf4a64b5df2de5079d88ca Mon Sep 17 00:00:00 2001
From: Pierre Joye <pajoye@php.net>
Date: Thu, 30 Apr 2009 15:25:37 +0000
Subject: [PATCH] - MFB: #45997, safe_mode bypass with exec/sytem/passthru
 (windows only)

---
 ext/standard/exec.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index c4378186bd..65fe95115f 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -79,7 +79,16 @@ PHPAPI int php_exec(int type, char *cmd, zval *array, zval *return_value TSRMLS_
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path");
 			goto err;
 		}
+		
 		b = strrchr(cmd, PHP_DIR_SEPARATOR);
+
+#ifdef PHP_WIN32
+		if (b && *b == '\\' && b == cmd) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid absolute path.");
+			goto err;
+		}
+#endif
+
 		spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : cmd), (c ? " " : ""), (c ? c : ""));
 		if (c) {
 			*(c - 1) = ' ';
-- 
2.40.0