MFH: Added missing safe_mode checks.
parent
d3dc0a39bc
commit
71bd44ac02
1
NEWS
1
NEWS
@ -30,6 +30,7 @@ PHP NEWS
|
||||
. ext/oracle (Jani, Derick)
|
||||
. ext/ovrimos (Jani, Derick, Pierre)
|
||||
. ext/pfpro (Jani, Derick, Pierre)
|
||||
- Added missing safe_mode checks for image* functions and cURL. (Ilia)
|
||||
- Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
|
||||
- Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
|
||||
- Fixed potential GLOBALS overwrite via import_request_variables() and
|
||||
|
@ -65,7 +65,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
|
||||
#define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
|
||||
|
||||
#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \
|
||||
if (PG(open_basedir) && *PG(open_basedir) && \
|
||||
if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \
|
||||
strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \
|
||||
{ \
|
||||
php_url *tmp_url; \
|
||||
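Review bot: The widened condition in `PHP_CURL_CHECK_OPEN_BASEDIR` still triggers only when the string starts with the literal prefix `file://`, so under safe_mode a local-file URL that reaches libcurl in any other form is not examined by this macro; matching on the parsed scheme, or restricting which protocols the handle may use, would be more robust than a prefix compare. The macro body continues outside the hunk, so it is not visible here whether a `php_checkuid` call was added next to the open_basedir test; if it was not, entering the block under safe_mode adds no ownership check. The macro name now understates what it guards, and a comment above it such as `/* Under open_basedir or safe_mode, validate the local path of file:// URLs before libcurl sees them */` would record the intent.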
|
@ -1723,7 +1723,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
|
||||
}
|
||||
|
||||
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
|
||||
if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
|
||||
if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
|
||||
RETURN_FALSE;
|
||||
}
|
||||
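Review bot: The new safe_mode test in `_php_image_output` is a long one-line condition that is repeated verbatim in the `_php_image_output_ctx` hunk, so the two output paths can drift apart the next time one of them is changed; a small shared helper or macro answering "may this script write to fn" would keep them in step. Both are checks on the path string, and the code that actually opens the file is outside the hunk, so presumably there is a window between the check and the open that this condition cannot close. The denial is reported as `Invalid filename`, which does not say that a policy rejected the path. A comment on the condition such as `/* refuse paths outside open_basedir or, under safe_mode, not owned by the script owner */` would help; the enclosing function starts and ends outside the hunk.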
|
@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
|
||||
}
|
||||
|
||||
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
|
||||
if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
|
||||
if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
|
||||
RETURN_FALSE;
|
||||
}
|
||||
|