From 4d2e2953448f9e7c9f49a0ad91a1d54bed514b5f Mon Sep 17 00:00:00 2001
From: Pierre Joye
Date: Thu, 30 Apr 2009 15:25:05 +0000
Subject: [PATCH] - #45997, safe_mode bypass with exec/sytem/passthru (windows only)
---
 ext/standard/exec.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 0ecae9d02d5..e0843718306 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -80,6 +80,12 @@ int php_exec(int type, char *cmd, zval *array, zval *return_value TSRMLS_DC)
 goto err;
 }
 b = strrchr(cmd, PHP_DIR_SEPARATOR);
+#ifdef PHP_WIN32
+ if (b && *b == '\\' && b == cmd) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid absolute path.");
+ goto err;
+ }
+#endif
 spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : cmd), (c ? " " : ""), (c ? c : ""));
 if (c) {
 *(c - 1) = ' ';
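Review bot: The guard added under `#ifdef PHP_WIN32` rejects exactly one input shape, a command whose last backslash is also its first character, and nothing next to it records why that shape matters for `safe_mode_exec_dir`. The `*b == '\\'` test looks redundant, since `b` comes from `strrchr(cmd, PHP_DIR_SEPARATOR)` and that separator is presumably the backslash on this build, so `if (b == cmd) {` would express the same condition. A comment such as `/* bug #45997: a leading separator makes cmd an absolute path; refuse it instead of appending it to safe_mode_exec_dir */` would keep the intent with the code. The separator search only looks for `PHP_DIR_SEPARATOR`, so it is worth confirming that a `/` separator or a drive-qualified name is handled elsewhere in `php_exec`, whose body starts and ends outside this hunk.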