- #45997, safe_mode bypass with exec/sytem/passthru (windows only)

2026-03-26 17:22:15 +01:00 · 2009-04-30 15:25:05 +00:00
parent 8d7ecdfdbb
commit 4d2e295344
1 changed files with 6 additions and 0 deletions
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -80,6 +80,12 @@ int php_exec(int type, char *cmd, zval *array, zval *return_value TSRMLS_DC)
 			goto err;
 		}
 		b = strrchr(cmd, PHP_DIR_SEPARATOR);
+#ifdef PHP_WIN32
+		if (b && *b == '\\' && b == cmd) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid absolute path.");
+			goto err;
+		}
+#endif
 		spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : cmd), (c ? " " : ""), (c ? c : ""));
 		if (c) {
 			*(c - 1) = ' ';