mirror of
https://github.com/php/php-src.git
synced 2024-12-29 19:59:19 +08:00
Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak.
This commit is contained in:
parent
981faa6754
commit
7bf62c33af
@ -563,8 +563,13 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
|
||||
return FAILURE;
|
||||
}
|
||||
|
||||
if ((p = zend_memrchr(new_value, ';', new_value_length))) {
|
||||
/* we do not use zend_memrchr() since path can contain ; itself */
|
||||
if ((p = strchr(new_value, ';'))) {
|
||||
char *p2;
|
||||
p++;
|
||||
if ((p2 = strchr(p, ';'))) {
|
||||
p = p2 + 1;
|
||||
}
|
||||
} else {
|
||||
p = new_value;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user