iliaa Sun Oct 20 16:44:11 2002 EDT
Modified files:
/php4/main streams.c
Log:
Fixed incorrect handling of files starting with a .
Index: php4/main/streams.c
diff -u php4/main/streams.c:1.112 php4/main/streams.c:1.113
--- php4/main/streams.c:1.112 Sat Oct 19 09:11:48 2002
+++ php4/main/streams.c Sun Oct 20 16:44:10 2002
@@ -20,7 +20,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: streams.c,v 1.112 2002/10/19 13:11:48 wez Exp $ */
+/* $Id: streams.c,v 1.113 2002/10/20 20:44:10 iliaa Exp $ */
#define _GNU_SOURCE
#include "php.h"
@@ -1518,7 +1518,16 @@
filename_length = strlen(filename);
/* Relative path open */
- if (*filename == '.') {
+ if (*filename == '.' && (*(filename+1) == '/' || *(filename+1) == '.')) {
+ /* further checks, we could have ....... filenames */
+ ptr = filename + 1;
+ if (ptr == '.') {
+ while (*(++ptr) == '.');
+ if (ptr != '/') { /* not a relative path after all */
+ goto not_relative_path;
+ }
+ }
+
if (php_check_open_basedir(filename TSRMLS_CC)) {
return NULL;
@@ -1534,6 +1543,8 @@
* files in safe_mode_include_dir (or subdir) are excluded from
* safe mode GID/UID checks
*/
+
+ not_relative_path:
/* Absolute path open */
if (IS_ABSOLUTE_PATH(filename, filename_length)) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
