Fixed bug #38993 (Fixed safe_mode/open_basedir checks for

author Ilia Alshanetsky <iliaa@php.net>

Sun, 1 Oct 2006 20:58:02 +0000 (20:58 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Sun, 1 Oct 2006 20:58:02 +0000 (20:58 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Sun, 1 Oct 2006 20:58:02 +0000 (20:58 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Sun, 1 Oct 2006 20:58:02 +0000 (20:58 +0000)
diff --git a/NEWS b/NEWS

index f774d37bf198ee9ca49854535461a77c4eecbce5..a48a14a18fe16a49bd48301c339c0659a2c8b5b2 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ PHP                                                                        NEWS
  - Fixed mess with CGI/CLI -d option (now it works with cgi; constants are
    working exactly like in php.ini; with FastCGI -d affects all requests).
    (Dmitry)
+- Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
+  session.save_path, allowing them to account for extra parameters). (Ilia)
  - Fixed bug #38981 (using FTP URLs in get_headers() causes crash). (Tony)
  - Fixed bug #38961 (metaphone() results in segmentation fault on NetBSD). 
    (Tony)
diff --git a/ext/session/session.c b/ext/session/session.c

index 3078cff9fc66b9d761fc2c56a3e8c70323a0099b..1d6f991b14137d7cc5ed067a69c3e2db67b13c3d 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -154,11 +154,19 @@ static PHP_INI_MH(OnUpdateSaveDir)
  {
         /* Only do the safemode/open_basedir check at runtime */
         if (stage == PHP_INI_STAGE_RUNTIME) {
-               if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+               char *p;
+
+               if ((p = zend_memrchr(new_value, ';', new_value_length))) {
+                       p++;
+               } else {
+                       p = new_value;
+               }
+
+               if (PG(safe_mode) && (!php_checkuid(p, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
                         return FAILURE;
                 }
  
-               if (php_check_open_basedir(new_value TSRMLS_CC)) {
+               if (php_check_open_basedir(p TSRMLS_CC)) {
                         return FAILURE;
                 }
         }
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c

index 7beb9deb92646e03ed9a4caa1899dcb9fb21ca8c..78bfea7ed9278219dd68147f294edbfa5fa44a56 100644 (file)
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -5622,7 +5622,6 @@ PHP_FUNCTION(ini_set)
                         _CHECK_PATH(varname, "java.class.path") ||
                         _CHECK_PATH(varname, "java.home") ||
                         _CHECK_PATH(varname, "java.library.path") ||
-                       _CHECK_PATH(varname, "session.save_path") ||
                         _CHECK_PATH(varname, "vpopmail.directory")) {
                         if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(new_value), NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
                                 zval_dtor(return_value);
author	Ilia Alshanetsky <iliaa@php.net>
	Sun, 1 Oct 2006 20:58:02 +0000 (20:58 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Sun, 1 Oct 2006 20:58:02 +0000 (20:58 +0000)
NEWS		patch \| blob \| history
ext/session/session.c		patch \| blob \| history
ext/standard/basic_functions.c		patch \| blob \| history