archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix #76359: open_basedir bypass through adding ".."

Browse source 
We explicitly forbid adding paths with a leading `..` to `open_basedir`
at runtime.

Closes GH-7024.
This commit is contained in:
Christoph M. Becker 2021-05-21 15:00:41 +02:00
parent 99a208566a
commit ee9e07541f
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
3 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
tests/security/bug76359.phpt Normal file
View file

@ -0,0 +1,19 @@
--TEST--
Bug #76359 (open_basedir bypass through adding "..")
--FILE--
<?php
ini_set('open_basedir', __DIR__);
mkdir(__DIR__ . "/bug76359");
chdir(__DIR__ . "/bug76359");
var_dump(ini_set('open_basedir', ini_get('open_basedir') . PATH_SEPARATOR . ".."));
chdir("..");
chdir("..");
?>
--EXPECTF--
bool(false)
Warning: chdir(): open_basedir restriction in effect. File(..) is not within the allowed path(s): (%s) in %s on line %d
--CLEAN--
<?php
@rmdir(__DIR__ . "/bug76359");
?>