X-Git-Url: https://git.m6w6.name/?a=blobdiff_plain;f=php_http_api.h;h=9f8eda9537900929c8313eb28fc7b8e45a97a966;hb=8fa713be4960d51958523429ee0e7dfca6d017fb;hp=694ddc015de9fdfb1b26c8f1bcf1312e51c2f337;hpb=14819be2113881e1030d23c6a1a32e17083ab406;p=m6w6%2Fext-http

diff --git a/php_http_api.h b/php_http_api.h
index 694ddc0..9f8eda9 100644
--- a/php_http_api.h
+++ b/php_http_api.h
@@ -89,12 +89,12 @@ extern void _http_error_ex(long type TSRMLS_DC, long code, const char *format, .
  \
 		if (!strncasecmp(tmp, "file:", lenof("file:"))) { \
 			tmp += lenof("file:"); \
-			while (*tmp == '/' || *tmp == '\\') ++tmp; \
+			while ((tmp - (const char *)file < 7) && (*tmp == '/' || *tmp == '\\')) ++tmp; \
 		} \
  \
- 		if (!*tmp || php_check_open_basedir(tmp TSRMLS_CC) || \
-		 		(PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { \
-		 		http_error_ex(HE_WARNING, HTTP_E_INVALID_PARAM, "Permission denied: %s", file); \
+ 		if (	(tmp != file || !strstr(file, "://")) && \
+		 		(!*tmp || php_check_open_basedir(tmp TSRMLS_CC) || \
+		 		(PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))) { \
 		 		act; \
 		} \
 	}