Merge branch 'PHP-7.4'

* PHP-7.4: Fix bug #77967 - Bypassing open_basedir restrictions via file uris
lighter · May 28, 2019 · 0403152 · 0403152
2 parents d99de36 + ffc15e9
commit 0403152
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
@@ -2145,6 +2145,15 @@ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *ar
 		case SQLITE_ATTACH:
 		{
 			if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) {
+				if (strncmp(arg3, "file:", 5) == 0) {
+					/* starts with "file:" */
+					if (!arg3[5]) {
+						return SQLITE_DENY;
+					}
+					if (php_check_open_basedir(arg3 + 5)) {
+						return SQLITE_DENY;
+					}
+				}
 				if (php_check_open_basedir(arg3)) {
 					return SQLITE_DENY;
 				}