mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-28 04:14:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Another safe-mode fix. parse_ini_file() did not check

Browse Source 
@ safe-mode fix for parse_ini_file()  (Rasmus)
This commit is contained in:
Rasmus Lerdorf 2002-05-11 19:19:49 +00:00
parent 9cbcc9b822
commit 465b2d54db
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ext/standard/basic_functions.c
View File

@ -2471,6 +2471,15 @@ PHP_FUNCTION(parse_ini_file)
}
convert_to_string_ex(filename);
if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_ALLOW_ONLY_FILE))) {
RETURN_FALSE;
}
if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
RETURN_FALSE;
}
fh.handle.fp = VCWD_FOPEN(Z_STRVAL_PP(filename), "r");
if (!fh.handle.fp) {
php_error(E_WARNING, "Cannot open '%s' for reading", Z_STRVAL_PP(filename));