mirror of
https://github.com/php/php-src.git
synced 2024-09-21 09:57:23 +00:00
Allow file uploads to bypass open_basedir checks (fixes regression)
This commit is contained in:
parent
2c05c8c6b3
commit
20aa854940
@ -211,7 +211,7 @@ PHPAPI const char* php_get_temporary_directory(void)
|
||||
* This function should do its best to return a file pointer to a newly created
|
||||
* unique file, on every platform.
|
||||
*/
|
||||
PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC)
|
||||
PHPAPI int php_open_temporary_fd_ex(const char *dir, const char *pfx, char **opened_path_p, zend_bool open_basedir_check TSRMLS_DC)
|
||||
{
|
||||
int fd;
|
||||
const char *temp_dir;
|
||||
@ -227,7 +227,7 @@ PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened
|
||||
def_tmp:
|
||||
temp_dir = php_get_temporary_directory();
|
||||
|
||||
if (temp_dir && *temp_dir != '\0' && !php_check_open_basedir(temp_dir TSRMLS_CC)) {
|
||||
if (temp_dir && *temp_dir != '\0' && (!open_basedir_check || !php_check_open_basedir(temp_dir TSRMLS_CC))) {
|
||||
return php_do_open_temporary_file(temp_dir, pfx, opened_path_p TSRMLS_CC);
|
||||
} else {
|
||||
return -1;
|
||||
@ -243,6 +243,11 @@ def_tmp:
|
||||
return fd;
|
||||
}
|
||||
|
||||
PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC)
|
||||
{
|
||||
return php_open_temporary_fd_ex(dir, pfx, opened_path_p, 0 TSRMLS_CC);
|
||||
}
|
||||
|
||||
PHPAPI FILE *php_open_temporary_file(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC)
|
||||
{
|
||||
FILE *fp;
|
||||
|
@ -23,6 +23,7 @@
|
||||
|
||||
BEGIN_EXTERN_C()
|
||||
PHPAPI FILE *php_open_temporary_file(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC);
|
||||
PHPAPI int php_open_temporary_fd_ex(const char *dir, const char *pfx, char **opened_path_p, zend_bool open_basedir_check TSRMLS_DC);
|
||||
PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC);
|
||||
PHPAPI const char *php_get_temporary_directory(void);
|
||||
PHPAPI void php_shutdown_temporary_directory();
|
||||
|
@ -1016,7 +1016,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
|
||||
|
||||
if (!skip_upload) {
|
||||
/* Handle file */
|
||||
fd = php_open_temporary_fd(PG(upload_tmp_dir), "php", &temp_filename TSRMLS_CC);
|
||||
fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC);
|
||||
if (fd==-1) {
|
||||
sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file");
|
||||
cancel_upload = UPLOAD_ERROR_E;
|
||||
|
Loading…
Reference in New Issue
Block a user