mirror of
https://github.com/php/php-src.git
synced 2024-11-29 12:53:37 +08:00
Nuke php_check_safe_mode_include_dir
This commit is contained in:
Andi Gutmans
parent
e3b1e8c5dd
commit
d3f7bee047
@ -187,55 +187,6 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC)
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
/* {{{ php_check_safe_mode_include_dir
|
||||
*/
|
||||
PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC)
|
||||
{
|
||||
if (PG(safe_mode)) {
|
||||
if (PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) {
|
||||
char *pathbuf;
|
||||
char *ptr;
|
||||
char *end;
|
||||
char resolved_name[MAXPATHLEN];
|
||||
|
||||
/* Resolve the real path into resolved_name */
|
||||
if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL)
|
||||
return -1;
|
||||
|
||||
pathbuf = estrdup(PG(safe_mode_include_dir));
|
||||
|
||||
ptr = pathbuf;
|
||||
|
||||
while (ptr && *ptr) {
|
||||
end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
|
||||
if (end != NULL) {
|
||||
*end = '\0';
|
||||
end++;
|
||||
}
|
||||
|
||||
/* Check the path */
|
||||
#ifdef PHP_WIN32
|
||||
if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0)
|
||||
#else
|
||||
if (strncmp(ptr, resolved_name, strlen(ptr)) == 0)
|
||||
#endif
|
||||
{
|
||||
/* File is in the right directory */
|
||||
efree(pathbuf);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ptr = end;
|
||||
}
|
||||
efree(pathbuf);
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Nothing to check... */
|
||||
return 0;
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
/* {{{ php_fopen_and_set_opened_path
|
||||
*/
|
||||
@ -388,15 +339,8 @@ PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **
|
||||
*/
|
||||
|
||||
/* Absolute path open */
|
||||
if (IS_ABSOLUTE_PATH(filename, filename_length)) {
|
||||
if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0)
|
||||
/* filename is in safe_mode_include_dir (or subdir) */
|
||||
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
|
||||
|
||||
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
|
||||
}
|
||||
|
||||
if (!path || (path && !*path)) {
|
||||
/* FIXME: Andi - Do we actually need the if()? */
|
||||
if (IS_ABSOLUTE_PATH(filename, filename_length) || (!path || (path && !*path))) {
|
||||
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
|
||||
}
|
||||
|
||||
@ -434,20 +378,7 @@ PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **
|
||||
end++;
|
||||
}
|
||||
snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
|
||||
if (PG(safe_mode)) {
|
||||
if (VCWD_STAT(trypath, &sb) == 0) {
|
||||
/* file exists ... check permission */
|
||||
if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
|
||||
php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM))
|
||||
/* UID ok, or trypath is in safe_mode_include_dir */
|
||||
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
|
||||
else
|
||||
fp = NULL;
|
||||
|
||||
efree(pathbuf);
|
||||
return fp;
|
||||
}
|
||||
}
|
||||
|
||||
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
|
||||
if (fp) {
|
||||
efree(pathbuf);
|
||||
|
||||
@ -31,8 +31,6 @@ PHPAPI int php_check_open_basedir(const char *path TSRMLS_DC);
|
||||
PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC);
|
||||
PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path TSRMLS_DC);
|
||||
|
||||
PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC);
|
||||
|
||||
PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **opened_path TSRMLS_DC);
|
||||
|
||||
PHPAPI int php_is_url(char *path);
|
||||
|
||||
@ -1210,10 +1210,6 @@ not_relative_path:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0)
|
||||
/* filename is in safe_mode_include_dir (or subdir) */
|
||||
return php_stream_fopen_rel(filename, mode, opened_path, options);
|
||||
|
||||
return php_stream_fopen_rel(filename, mode, opened_path, options);
|
||||
}
|
||||
|
||||
@ -1232,9 +1228,6 @@ not_relative_path:
|
||||
if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(trypath TSRMLS_CC)) {
|
||||
return NULL;
|
||||
}
|
||||
if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC)) == 0) {
|
||||
return php_stream_fopen_rel(trypath, mode, opened_path, options);
|
||||
}
|
||||
|
||||
return php_stream_fopen_rel(trypath, mode, opened_path, options);
|
||||
}
|
||||
@ -1289,19 +1282,6 @@ not_relative_path:
|
||||
continue;
|
||||
}
|
||||
|
||||
if (PG(safe_mode)) {
|
||||
if (VCWD_STAT(trypath, &sb) == 0) {
|
||||
/* file exists ... check permission */
|
||||
if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
|
||||
php_checkuid_ex(trypath, mode, CHECKUID_CHECK_MODE_PARAM, CHECKUID_NO_ERRORS)) {
|
||||
/* UID ok, or trypath is in safe_mode_include_dir */
|
||||
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
|
||||
goto stream_done;
|
||||
}
|
||||
}
|
||||
ptr = end;
|
||||
continue;
|
||||
}
|
||||
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
|
||||
if (stream) {
|
||||
stream_done:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user