From 36c32f8383f50e0c30585f9ae09e46b64b1597de Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Thu, 15 Dec 2005 19:04:00 +0000
Subject: [PATCH] - fix url check in open_basedir check

---
 php_http_api.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/php_http_api.h b/php_http_api.h
index 694ddc0..9f8eda9 100644
--- a/php_http_api.h
+++ b/php_http_api.h
@@ -89,12 +89,12 @@ extern void _http_error_ex(long type TSRMLS_DC, long code, const char *format, .
  \
 		if (!strncasecmp(tmp, "file:", lenof("file:"))) { \
 			tmp += lenof("file:"); \
-			while (*tmp == '/' || *tmp == '\\') ++tmp; \
+			while ((tmp - (const char *)file < 7) && (*tmp == '/' || *tmp == '\\')) ++tmp; \
 		} \
  \
- 		if (!*tmp || php_check_open_basedir(tmp TSRMLS_CC) || \
-		 		(PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { \
-		 		http_error_ex(HE_WARNING, HTTP_E_INVALID_PARAM, "Permission denied: %s", file); \
+ 		if (	(tmp != file || !strstr(file, "://")) && \
+		 		(!*tmp || php_check_open_basedir(tmp TSRMLS_CC) || \
+		 		(PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))) { \
 		 		act; \
 		} \
 	}
-- 
2.30.2