Permalink
Browse files
check if the cookie file is in the configured path
- Loading branch information...
Showing
with
6 additions
and
1 deletion.
-
+6
−1
classes/session/file.php
|
|
@@ -300,7 +300,12 @@ protected function _read_file($session_id) |
|
|
$payload = false;
|
|
|
|
|
|
$file = $this->config['path'].$this->config['cookie_name'].'_'.$session_id;
|
|
|
if (is_file($file))
|
|
|
|
|
|
// normalize the file
|
|
|
$file = realpath($file);
|
|
|
|
|
|
// make sure it exists and is in the config path
|
|
|
if (is_file($file) and strpos($file, $this->config['path']) === 0)
|
|
|
{
|
|
|
$handle = fopen($file, 'r');
|
|
|
if ($handle)
|
|
|
|
0 comments on commit
1fe9c89