check if the cookie file is in the configured path
WanWizard committed Jun 18, 2015
1 parent da22d0c commit 1fe9c89
Showing 1 changed file with 6 additions and 1 deletion.
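--- a/classes/session/file.php
+++ b/classes/session/file.php
@@ -300,7 +300,12 @@ protected function _read_file($session_id)
 $payload = false;
 
 $file = $this->config['path'].$this->config['cookie_name'].'_'.$session_id;
-if (is_file($file))
+
+// normalize the file
+$file = realpath($file);
+
+// make sure it exists and is in the config path
+if (is_file($file) and strpos($file, $this->config['path']) === 0)
 {
 $handle = fopen($file, 'r');
 if ($handle)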
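Review bot: The containment test in the new `if` compares the canonical result of `realpath($file)` against the raw `$this->config['path']`, so it is only sound if that config value is itself canonical and ends with a directory separator. If the configured path is relative, passes through a symlink, or lacks the trailing separator, the prefix match either rejects every legitimate session file or accepts a sibling directory whose name merely starts with the same characters. Unless the path is already normalized where the driver is initialized (not visible in this hunk), compare against `realpath($this->config['path']).DIRECTORY_SEPARATOR`, after checking that this `realpath()` call did not return `false`. It would also help to extend the `// normalize the file` comment to say that `realpath()` returns `false` for a missing file and that `is_file()` is what rejects that case. `_read_file()` starts and continues outside the hunk.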
