check if the cookie file is in the configured path

fuel · Jun 18, 2015 · 1fe9c89 · 1fe9c89
1 parent da22d0c
commit 1fe9c89
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/classes/session/file.php b/classes/session/file.php
@@ -300,7 +300,12 @@ protected function _read_file($session_id)
 		$payload = false;
 
 		$file = $this->config['path'].$this->config['cookie_name'].'_'.$session_id;
-		if (is_file($file))
+
+		// normalize the file
+		$file = realpath($file);
+
+		// make sure it exists and is in the config path
+		if (is_file($file) and strpos($file, $this->config['path']) === 0)
 		{
 			$handle = fopen($file, 'r');
 			if ($handle)