clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 10:27:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

MFH: Added missing safe_mode checks.

Browse Source
This commit is contained in:
Ilia Alshanetsky 2005-10-06 20:47:41 +00:00
parent d3dc0a39bc
commit 71bd44ac02
4 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -30,6 +30,7 @@ PHP NEWS
. ext/oracle (Jani, Derick)
. ext/ovrimos (Jani, Derick, Pierre)
. ext/pfpro (Jani, Derick, Pierre)
- Added missing safe_mode checks for image* functions and cURL. (Ilia)
- Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
- Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
- Fixed potential GLOBALS overwrite via import_request_variables() and

2
ext/curl/interface.c
View File

@ -65,7 +65,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
#define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \
if (PG(open_basedir) && *PG(open_basedir) && \
if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \
strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \
{ \
php_url *tmp_url; \

2
ext/gd/gd.c
View File

@ -1723,7 +1723,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
RETURN_FALSE;
}

2
ext/gd/gd_ctx.c
View File

@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
RETURN_FALSE;
}