mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-29 21:04:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Nuke php_check_safe_mode_include_dir

Browse Source
This commit is contained in:
Andi Gutmans 2006-02-19 01:19:37 +00:00
parent e3b1e8c5dd
commit d3f7bee047
3 changed files with 3 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
main/fopen_wrappers.c
View File

@ -187,55 +187,6 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC)
} }
/* }}} */ /* }}} */
/* {{{ php_check_safe_mode_include_dir
*/
PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC)
{
if (PG(safe_mode)) {
if (PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) {
char *pathbuf;
char *ptr;
char *end;
char resolved_name[MAXPATHLEN];
/* Resolve the real path into resolved_name */
if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL)
return -1;
pathbuf = estrdup(PG(safe_mode_include_dir));
ptr = pathbuf;
while (ptr && *ptr) {
end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
if (end != NULL) {
*end = '\0';
end++;
}
/* Check the path */
#ifdef PHP_WIN32
if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0)
#else
if (strncmp(ptr, resolved_name, strlen(ptr)) == 0)
#endif
{
/* File is in the right directory */
efree(pathbuf);
return 0;
}
ptr = end;
}
efree(pathbuf);
}
return -1;
}
/* Nothing to check... */
return 0;
}
/* }}} */
/* {{{ php_fopen_and_set_opened_path /* {{{ php_fopen_and_set_opened_path
*/ */
@ -388,15 +339,8 @@ PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **
*/ */
/* Absolute path open */ /* Absolute path open */
if (IS_ABSOLUTE_PATH(filename, filename_length)) { /* FIXME: Andi - Do we actually need the if()? */
if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) if (IS_ABSOLUTE_PATH(filename, filename_length) || (!path || (path && !*path))) {
/* filename is in safe_mode_include_dir (or subdir) */
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
}
if (!path || (path && !*path)) {
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
} }
@ -434,20 +378,7 @@ PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **
end++; end++;
} }
snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename); snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
if (PG(safe_mode)) {
if (VCWD_STAT(trypath, &sb) == 0) {
/* file exists ... check permission */
if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM))
/* UID ok, or trypath is in safe_mode_include_dir */
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
else
fp = NULL;
efree(pathbuf);
return fp;
}
}
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC); fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
if (fp) { if (fp) {
efree(pathbuf); efree(pathbuf);

2
main/fopen_wrappers.h
View File

@ -31,8 +31,6 @@ PHPAPI int php_check_open_basedir(const char *path TSRMLS_DC);
PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC); PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC);
PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path TSRMLS_DC); PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path TSRMLS_DC);
PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC);
PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **opened_path TSRMLS_DC); PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **opened_path TSRMLS_DC);
PHPAPI int php_is_url(char *path); PHPAPI int php_is_url(char *path);

20
main/streams/plain_wrapper.c
View File

@ -1210,10 +1210,6 @@ not_relative_path:
return NULL; return NULL;
} }
if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0)
/* filename is in safe_mode_include_dir (or subdir) */
return php_stream_fopen_rel(filename, mode, opened_path, options);
return php_stream_fopen_rel(filename, mode, opened_path, options); return php_stream_fopen_rel(filename, mode, opened_path, options);
} }
@ -1232,9 +1228,6 @@ not_relative_path:
if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(trypath TSRMLS_CC)) { if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(trypath TSRMLS_CC)) {
return NULL; return NULL;
} }
if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC)) == 0) {
return php_stream_fopen_rel(trypath, mode, opened_path, options);
}
return php_stream_fopen_rel(trypath, mode, opened_path, options); return php_stream_fopen_rel(trypath, mode, opened_path, options);
} }
@ -1289,19 +1282,6 @@ not_relative_path:
continue; continue;
} }
if (PG(safe_mode)) {
if (VCWD_STAT(trypath, &sb) == 0) {
/* file exists ... check permission */
if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
php_checkuid_ex(trypath, mode, CHECKUID_CHECK_MODE_PARAM, CHECKUID_NO_ERRORS)) {
/* UID ok, or trypath is in safe_mode_include_dir */
stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
goto stream_done;
}
}
ptr = end;
continue;
}
stream = php_stream_fopen_rel(trypath, mode, opened_path, options); stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
if (stream) { if (stream) {
stream_done: stream_done: