check if the cookie file is in the configured path
Showing
with
6 additions
and
1 deletion.
-
+6
−1
classes/session/file.php
|
@@ -300,7 +300,12 @@ protected function _read_file($session_id) |
|
|
$payload = false; |
|
|
|
|
|
$file = $this->config['path'].$this->config['cookie_name'].'_'.$session_id; |
|
|
if (is_file($file)) |
|
|
|
|
|
// normalize the file |
|
|
$file = realpath($file); |
|
|
|
|
|
// make sure it exists and is in the config path |
|
|
if (is_file($file) and strpos($file, $this->config['path']) === 0) |
|
|
{ |
|
|
$handle = fopen($file, 'r'); |
|
|
if ($handle) |
|
|
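Review bot: The containment test on the new `if (is_file($file) and strpos($file, $this->config['path']) === 0)` line compares a canonical path from `realpath()` against the raw configured path, which is never canonicalised itself. If `$this->config['path']` is relative, passes through a symlink, or uses different separators, every legitimate session file is rejected; if it lacks a trailing separator, a sibling directory sharing the same prefix would still pass. Resolving the base once and comparing with a separator closes both gaps: `$base = realpath($this->config['path']);` followed by `if ($base !== false and is_file($file) and strpos($file, $base.DIRECTORY_SEPARATOR) === 0)`. Because `$session_id` is concatenated into the filename before this check, rejecting ids with unexpected characters ahead of the path build would be a useful second layer. `_read_file()` starts and continues outside the hunk, so whether the driver's other file-touching paths get the same check cannot be confirmed from here.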