diff options
| author | Stanislav Malyshev <stas@php.net> | 2019-05-27 21:36:00 -0700 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2019-05-29 08:45:04 +0200 |
| commit | 750687806d8b5a5ec88d88ecc14a422e58ad8d66 (patch) | |
| tree | 0e9f5f7b5e8606a78566535676bbd9fe040ab0c9 | |
| parent | 810161b704f3770852270f7f2df6464974f335f0 (diff) | |
| download | php-git-750687806d8b5a5ec88d88ecc14a422e58ad8d66.tar.gz | |
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Fix bug #77967 - Bypassing open_basedir restrictions via file uris
| -rw-r--r-- | ext/sqlite3/sqlite3.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index a7df269533..ac98435af7 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -2071,6 +2071,15 @@ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *ar case SQLITE_ATTACH: { if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) { + if (strncmp(arg3, "file:", 5) == 0) { + /* starts with "file:" */ + if (!arg3[5]) { + return SQLITE_DENY; + } + if (php_check_open_basedir(arg3 + 5)) { + return SQLITE_DENY; + } + } if (php_check_open_basedir(arg3)) { return SQLITE_DENY; } |