diff options
Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 0663d0cf85..588a060630 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -994,6 +994,14 @@ function phpbb_own_realpath($path) $resolved .= $bit . (($i == $max) ? '' : '/'); } + // @todo If the file exists fine and open_basedir only has one path we should be able to prepend it + // because we must be inside that basedir, the question is where... + // @internal The slash in is_dir() gets around an open_basedir restriction + if (!@file_exists($resolved) || (!@is_dir($resolved . '/') && !is_file($resolved))) + { + return false; + } + // Put the slashes back to the native operating systems slashes $resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved); |