]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e1dfbfc)
Fixed open_basedir & safe_mode bypass inside readlink() function.
authorIlia Alshanetsky <iliaa@php.net>
Tue, 2 Nov 2004 00:37:32 +0000 (00:37 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Tue, 2 Nov 2004 00:37:32 +0000 (00:37 +0000)
ext/standard/link.c patch | blob | history

diff --git a/ext/standard/link.c b/ext/standard/link.c
index dca60529d942947f06b0c8a40f2f214db225697f..ec67f19f51b9b0aa95d338d7ad4fde2abf7f73c4 100644 (file)
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -65,6 +65,14 @@ PHP_FUNCTION(readlink)
        }
        convert_to_string_ex(filename);
 
+       if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+               RETURN_FALSE;
+       }
+
+       if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
+
        ret = readlink(Z_STRVAL_PP(filename), buff, MAXPATHLEN-1);
 
        if (ret == -1) {
Unnamed repository; edit this file 'description' to name the repository.