mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-01-26 21:54:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Added missing safe_mode checks.

Browse Source
This commit is contained in:
Ilia Alshanetsky 2005-10-06 20:37:25 +00:00
parent 7e85bac9ec
commit 37a1bb6f52
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ext/curl/interface.c
View File

@ -65,7 +65,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
#define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \
if (PG(open_basedir) && *PG(open_basedir) && \
if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \
strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \
{ \
php_url *tmp_url; \

2
ext/gd/gd.c
View File

@ -1709,7 +1709,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
RETURN_FALSE;
}

2
ext/gd/gd_ctx.c
View File

@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
RETURN_FALSE;
}