bug81742.phpt - OpenGrok history log for /php-src/ext/sqlite3/tests/bug81742.phpt

Revision		Date	Author	Comments
# 2f6b9e6c		05-Dec-2022	Christoph M. Becker	Fix #81742: open_basedir bypass in SQLite3 by using file URI A previous fix[1] was not sufficient to catch all potential file URIs, because the patch did not cater to URL encoding. Prop Fix #81742: open_basedir bypass in SQLite3 by using file URI A previous fix[1] was not sufficient to catch all potential file URIs, because the patch did not cater to URL encoding. Properly parsing and decoding the URI may yield a different result than the handling of SQLite3, so we play it safe, and reject any file URIs if open_basedir is configured. [1] <https://bugs.php.net/bug.php?id=77967> Closes GH-10018. show more ...

Revision

Date

Author

Comments

# 2f6b9e6c

05-Dec-2022

Christoph M. Becker

Fix #81742: open_basedir bypass in SQLite3 by using file URI

A previous fix[1] was not sufficient to catch all potential file URIs,
because the patch did not cater to URL encoding. Prop

Fix #81742: open_basedir bypass in SQLite3 by using file URI

A previous fix[1] was not sufficient to catch all potential file URIs,
because the patch did not cater to URL encoding. Properly parsing and
decoding the URI may yield a different result than the handling of
SQLite3, so we play it safe, and reject any file URIs if open_basedir
is configured.

[1] <https://bugs.php.net/bug.php?id=77967>

Closes GH-10018.