]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9967278)
fix #36223 (curl bypasses open_basedir restrictions)
authorAntony Dovgal <tony2001@php.net>
Tue, 31 Jan 2006 10:57:52 +0000 (10:57 +0000)
committerAntony Dovgal <tony2001@php.net>
Tue, 31 Jan 2006 10:57:52 +0000 (10:57 +0000)
NEWS patch | blob | history
ext/curl/curl.c patch | blob | history

diff --git a/NEWS b/NEWS
index 8f8c450e142e34f5a0b8044ecec84cf9f89d8878..6aa4eaf0135dbf3e08bb79143506d97095ee0686 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2006, Version 4.4.3
 - Added a check for special characters in the session name. (Ilia)
+- Fixed bug #36223 (curl bypasses open_basedir restrictions). (Tony)
 - Fixed bug #36148 (unpack("H*hex", $data) is adding an extra character to the 
   end of the string). (Ilia)
 - Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony)
diff --git a/ext/curl/curl.c b/ext/curl/curl.c
index b125e23cbd25f96f70c2968c6446284a459e3eca..931aafaeb45e18eaf7431343c571c753f58d9f8a 100644 (file)
--- a/ext/curl/curl.c
+++ b/ext/curl/curl.c
@@ -159,7 +159,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
 
 #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)                                                                                                  \
        if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&                                                \
-           strncasecmp(str, "file://", sizeof("file://") - 1) == 0)                                                            \
+           strncasecmp(str, "file:", sizeof("file:") - 1) == 0)                                                                \
        {                                                                                                                                                                                       \
                php_url *tmp_url;                                                                                                                                               \
                                                                                                                                                                                                \
Unnamed repository; edit this file 'description' to name the repository.