From 8370857f0408b9610ba80e9bc06cde19c8e58983 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 7 Dec 2013 13:20:40 +0100 Subject: [PATCH] [ticket/11997] Undo changes to phpbb_own_realpath() PHPBB3-11997 --- phpBB/includes/functions.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 0663d0cf85..588a060630 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -994,6 +994,14 @@ function phpbb_own_realpath($path) $resolved .= $bit . (($i == $max) ? '' : '/'); } + // @todo If the file exists fine and open_basedir only has one path we should be able to prepend it + // because we must be inside that basedir, the question is where... + // @internal The slash in is_dir() gets around an open_basedir restriction + if (!@file_exists($resolved) || (!@is_dir($resolved . '/') && !is_file($resolved))) + { + return false; + } + // Put the slashes back to the native operating systems slashes $resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved);