Is there a test for this?
Chris On 12/10/2010 04:50 AM, Ilia Alshanetsky wrote:
iliaa Fri, 10 Dec 2010 12:50:25 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=306184 Log: Fixed bug #53516 (Regression in open_basedir handling). Bug: http://bugs.php.net/53516 (Open) open_basedir BUG introduced in PHP 5.2.15 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/main/fopen_wrappers.c Modified: php/php-src/branches/PHP_5_2/NEWS =================================================================== --- php/php-src/branches/PHP_5_2/NEWS 2010-12-10 11:52:13 UTC (rev 306183) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-10 12:50:25 UTC (rev 306184) @@ -1,6 +1,7 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 5.2.16 +- Fixed bug #53516 (Regression in open_basedir handling). (Ilia) 09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using Modified: php/php-src/branches/PHP_5_2/main/fopen_wrappers.c =================================================================== --- php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-12-10 11:52:13 UTC (rev 306183) +++ php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-12-10 12:50:25 UTC (rev 306184) @@ -192,7 +192,7 @@ if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { #endif if (resolved_name_len> resolved_basedir_len&& - resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { + resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) { return -1; } else { /* File is in the right directory */
-- Email: christopher.jo...@oracle.com Tel: +1 650 506 8630 Blog: http://blogs.oracle.com/opal/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
