Merge branch 'PHP-7.1' into PHP-7.2

smalyshev · smalyshev · commit fbb6a2721264 · 2019-05-27T21:36:00.000-07:00
* PHP-7.1:
  Fix bug #77967 - Bypassing open_basedir restrictions via file uris
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
@@ -2071,6 +2071,15 @@ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *ar
 		case SQLITE_ATTACH:
 		{
 			if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) {
+				if (strncmp(arg3, "file:", 5) == 0) {
+					/* starts with "file:" */
+					if (!arg3[5]) {
+						return SQLITE_DENY;
+					}
+					if (php_check_open_basedir(arg3 + 5)) {
+						return SQLITE_DENY;
+					}
+				}
 				if (php_check_open_basedir(arg3)) {
 					return SQLITE_DENY;
 				}
