Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak.
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272&view=patch
--- ext/session/session.c 2010-02-22 09:56:36.000000000 -0500
+++ ext/session/session.c.oden 2010-02-22 09:56:46.000000000 -0500
@@ -158,8 +158,13 @@ static PHP_INI_MH(OnUpdateSaveDir)
 return FAILURE;
 }
- if ((p = zend_memrchr(new_value, ';', new_value_length))) {
+ /* we do not use zend_memrchr() since path can contain ; itself */
+ if ((p = strchr(new_value, ';'))) {
+ char *p2;
 p++;
+ if ((p2 = strchr(p, ';'))) {
+ p = p2 + 1;
+ }
 } else {
 p = new_value;
 }
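Review bot: The new parsing in OnUpdateSaveDir always treats a second ';' as a field separator, so for the two-field form (`N;/path`) a ';' inside the path still moves `p` past part of the directory, and whatever check follows (outside this hunk) sees only the tail of the value. That is safe only if the code that later opens the session directory splits the setting in exactly the same way; that consumer is not visible here, so it should be confirmed and kept in sync with this function. I would spell the accepted grammar out in the comment, e.g. `/* save_path is "[N;[MODE;]]path": at most two leading fields are skipped; the rest is the path and may itself contain ';' */`, and add a regression test covering a ';' inside the path for each form. The function body begins and ends outside the hunk.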