- MFB: Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666.

  (patch by Christian Hoffmann)

diff --git a/NEWS b/NEWS
index bd6b44deedcdee218e2083906f79e9cf1c2023c0..8071e64208ccf798b825522774a634f5a3a6ffe6 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2008, PHP 5.2.7
+- Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666.
+  (Christian Hoffmann)
+
 - Reverted fix for bug #44197 due to change in behaviour in minor version.
   (Felipe)
 

diff --git a/main/safe_mode.c b/main/safe_mode.c
index b791351c3b0046cadb33ddeabaa69d7793d1e363..d9d1a4f02b4acf5250d0573cf625f1e3edaff50f 100644 (file)
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -73,14 +73,6 @@ PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mod
                        mode = CHECKUID_CHECK_FILE_AND_DIR;
                }
        }
-
-       /* 
-        * If given filepath is a URL, allow - safe mode stuff
-        * related to URL's is checked in individual functions
-        */
-       wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC);
-       if (wrapper != NULL)
-               return 1;
                
        /* First we see if the file is owned by the same user...
         * If that fails, passthrough and check directory...