MFH

author: Shane Caraveo <shane@php.net> 2003-03-27 17:57:58 +0000
committer: Shane Caraveo <shane@php.net> 2003-03-27 17:57:58 +0000
commit: ce2edd18c7c18743ce71ec8c8a7dcd671f753750 (patch)
tree: 027c54fbf2355cd2a0be2604509f9e0cf702b7f4 /sapi/cgi/cgi_main.c
parent: f85ea33a983a0da23c9b2afd723fe536659c9f67 (diff)
download: php-git-ce2edd18c7c18743ce71ec8c8a7dcd671f753750.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 8b756a761d..2ddabd591d 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -806,7 +806,9 @@ static void init_request_info(TSRMLS_D)
 #endif
 		SG(request_info).request_method = sapi_cgibin_getenv("REQUEST_METHOD",0 TSRMLS_CC);
 		SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING",0 TSRMLS_CC);
-		if (script_path_translated)
+		/* some server configurations allow '..' to slip through in the
+		   translated path.   We'll just refuse to handle such a path. */
+		if (script_path_translated && !strstr(script_path_translated,".."))
 			SG(request_info).path_translated = estrdup(script_path_translated);
 		SG(request_info).content_type = (content_type ? content_type : "" );
 		SG(request_info).content_length = (content_length?atoi(content_length):0);
author	Shane Caraveo <shane@php.net>	2003-03-27 17:57:58 +0000
committer	Shane Caraveo <shane@php.net>	2003-03-27 17:57:58 +0000
commit	ce2edd18c7c18743ce71ec8c8a7dcd671f753750 (patch)
tree	027c54fbf2355cd2a0be2604509f9e0cf702b7f4 /sapi/cgi/cgi_main.c
parent	f85ea33a983a0da23c9b2afd723fe536659c9f67 (diff)
download	php-git-ce2edd18c7c18743ce71ec8c8a7dcd671f753750.tar.gz