
check if the cookie file is in the configured path

WanWizard committed Jun 18, 2015
1 parent da22d0c commit 1fe9c89c0f4d60be2900488f871f8c41234b80d9
Showing with 6 additions and 1 deletion.
  1. +6 −1 classes/session/file.php
@@ -300,7 +300,12 @@ protected function _read_file($session_id)
$payload = false;
$file = $this->config['path'].$this->config['cookie_name'].'_'.$session_id;
if (is_file($file))
// normalize the file
$file = realpath($file);
// make sure it exists and is in the config path
if (is_file($file) and strpos($file, $this->config['path']) === 0)
{
$handle = fopen($file, 'r');
if ($handle)
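Review bot: On the added `if (is_file($file) and strpos($file, $this->config['path']) === 0)` line, the realpath()-resolved `$file` is compared against the raw configured path, which is never normalized itself. If that setting is relative, passes through a symlink or uses different separators, no legitimate session file will match and the read presumably falls through with `$payload = false`; if it has no trailing separator, a sibling directory sharing the prefix would pass the check. I would resolve the base once with `$base = realpath($this->config['path'])`, reject a `false` result, and test `strpos($file, $base.DIRECTORY_SEPARATOR) === 0`. Validating `$session_id` against the expected id format before building `$file` would stop the traversal at its source instead of after path resolution. The body of `_read_file()` continues past the end of this hunk, so the handling after `fopen()` is not visible here.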
