data: and php:stdin/input allow_url_include checks

diff --git a/ext/standard/php_fopen_wrapper.c b/ext/standard/php_fopen_wrapper.c
index a5bf5a130e3bb44895c7df476962a31cdd5822bc..492de62e5846ed7ad773c698febeba3e0ca317c6 100644 (file)
--- a/ext/standard/php_fopen_wrapper.c
+++ b/ext/standard/php_fopen_wrapper.c
@@ -185,12 +185,24 @@ php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, char *path, ch
        if (!strcasecmp(path, "output")) {
                return php_stream_alloc(&php_stream_output_ops, NULL, 0, "wb");
        }
-       
+
        if (!strcasecmp(path, "input")) {
+               if ((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include) ) {
+                       if (options & REPORT_ERRORS) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL file-access is disabled in the server configuration");
+                       }
+                       return NULL;
+               }
                return php_stream_alloc(&php_stream_input_ops, ecalloc(1, sizeof(off_t)), 0, "rb");
        }  
        
        if (!strcasecmp(path, "stdin")) {
+               if ((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include) ) {
+                       if (options & REPORT_ERRORS) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL file-access is disabled in the server configuration");
+                       }
+                       return NULL;
+               }
                if (!strcmp(sapi_module.name, "cli")) {
                        static int cli_in = 0;
                        fd = STDIN_FILENO;