
check if the cookie file is in the configured path

1 parent da22d0c commit 1fe9c89c0f4d60be2900488f871f8c41234b80d9 @WanWizard WanWizard committed Jun 18, 2015
Showing with 6 additions and 1 deletion.
  1. +6 −1 classes/session/file.php
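--- a/classes/session/file.php
+++ b/classes/session/file.php
@@ -300,7 +300,12 @@ protected function _read_file($session_id)
 $payload = false;
 $file = $this->config['path'].$this->config['cookie_name'].'_'.$session_id;
- if (is_file($file))
+
+ // normalize the file
+ $file = realpath($file);
+
+ // make sure it exists and is in the config path
+ if (is_file($file) and strpos($file, $this->config['path']) === 0)
 {
 $handle = fopen($file, 'r');
 if ($handle)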
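Review bot: The containment check on the new `if` line compares the `realpath()`-resolved file against the raw `$this->config['path']`, so it is only as strict as that configured string: a relative, symlinked or otherwise un-normalized configured path will never be a prefix of the resolved file (every read then fails the check and presumably leaves `$payload` at `false`), and a configured path without a trailing separator also accepts a sibling directory whose name merely begins with it, e.g. `sessions` matching `sessions_other/`. Resolve and terminate the configured directory the same way before comparing: `$path = realpath($this->config['path']);` followed by `if ($path !== false and is_file($file) and strpos($file, rtrim($path, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR) === 0)`. Keeping the `$path !== false` guard matters because a non-resolving directory would otherwise collapse to a bare separator that every absolute path starts with. Feeding the `realpath()` result straight into the existing `is_file()` is fine, since a `false` result short-circuits before `strpos()` runs. `_read_file()` begins before this hunk and its body continues past it.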
