return NULL;
}
- if (PG(safe_mode) && (!php_checkuid(filename, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(filename, NULL, 2))) {
return NULL;
}
convert_to_string(dbf_name);
convert_to_long(options);
- if (PG(safe_mode) && (!php_checkuid(dbf_name->value.str.val, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(dbf_name->value.str.val, NULL, 2))) {
RETURN_FALSE;
}
RETURN_FALSE;
}
- if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_P(filename), 2))) {
+ if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_P(filename), NULL, 2))) {
RETURN_FALSE;
}
sprintf(workbuf, "%s/map", dir->value.str.val);
- if (PG(safe_mode) && (!php_checkuid(workbuf, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(workbuf, NULL, 2))) {
RETURN_FALSE;
}
/* Now read the records in, moving forward recsize-1 bytes each time */
sprintf(workbuf, "%s/key", FP_GLOBAL(fp_database));
- if (PG(safe_mode) && (!php_checkuid(workbuf, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(workbuf, NULL, 2))) {
RETURN_FALSE;
}
/* Now read the record in */
sprintf(workbuf, "%s/key", FP_GLOBAL(fp_database));
- if (PG(safe_mode) && (!php_checkuid(workbuf, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(workbuf, NULL, 2))) {
RETURN_FALSE;
}
break;
}
- if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(file_in), 2))) {
+ if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(file_in), NULL, 2))) {
RETURN_FALSE;
}
convert_to_string(path);
convert_to_long(mode);
- if (php3_ini.safe_mode && (!php_checkuid(path->value.str.val, 3))) {
+ if (php3_ini.safe_mode && (!php_checkuid(path->value.str.val, NULL, 3))) {
RETURN_FALSE;
}
result = mkfifo(path->value.str.val, mode->value.lval);
tmp = php_escape_shell_cmd(d);
efree(d);
d = tmp;
-#ifdef PHP_WIN32
fp = V_POPEN(d, "rb");
-#else
- fp = V_POPEN(d, "r");
-#endif
if (!fp) {
php_error(E_WARNING, "Unable to fork [%s]", d);
efree(d);
return -1;
}
} else { /* not safe_mode */
-#ifdef PHP_WIN32
fp = V_POPEN(cmd, "rb");
-#else
- fp = V_POPEN(cmd, "r");
-#endif
if (!fp) {
php_error(E_WARNING, "Unable to fork [%s]", cmd);
efree(buf);
convert_to_string_ex(arg1);
convert_to_long_ex(arg2);
mode = (*arg2)->value.lval;
- if (PG(safe_mode) &&(!php_checkuid((*arg1)->value.str.val,3))) {
+ if (PG(safe_mode) &&(!php_checkuid((*arg1)->value.str.val, NULL, 3))) {
RETURN_FALSE;
}
ret = V_MKDIR((*arg1)->value.str.val,mode);
WRONG_PARAM_COUNT;
}
convert_to_string_ex(arg1);
- if (PG(safe_mode) &&(!php_checkuid((*arg1)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*arg1)->value.str.val, NULL, 1))) {
RETURN_FALSE;
}
ret = rmdir((*arg1)->value.str.val);
old_name = (*old_arg)->value.str.val;
new_name = (*new_arg)->value.str.val;
- if (PG(safe_mode) &&(!php_checkuid(old_name, 2))) {
+ if (PG(safe_mode) &&(!php_checkuid(old_name, NULL, 2))) {
RETURN_FALSE;
}
ret = rename(old_name, new_name);
convert_to_string_ex(source);
convert_to_string_ex(target);
- if (PG(safe_mode) &&(!php_checkuid((*source)->value.str.val,2))) {
+ if (PG(safe_mode) &&(!php_checkuid((*source)->value.str.val, NULL, 2))) {
RETURN_FALSE;
}
gid = (*group)->value.lval;
}
- if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val, NULL, 1))) {
RETURN_FALSE;
}
uid = (*user)->value.lval;
}
- if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val, NULL, 1))) {
RETURN_FALSE;
}
convert_to_string_ex(filename);
convert_to_long_ex(mode);
- if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val, NULL, 1))) {
RETURN_FALSE;
}
}
convert_to_string_ex(filename);
- if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val, NULL, 1))) {
if (newtime) efree(newtime);
RETURN_FALSE;
}
convert_to_string_ex(topath);
convert_to_string_ex(frompath);
- if (PG(safe_mode) && !php_checkuid((*topath)->value.str.val, 2)) {
+ if (PG(safe_mode) && !php_checkuid((*topath)->value.str.val, NULL, 2)) {
RETURN_FALSE;
}
if (!strncasecmp((*topath)->value.str.val,"http://",7) || !strncasecmp((*topath)->value.str.val,"ftp://",6)) {
convert_to_string_ex(topath);
convert_to_string_ex(frompath);
- if (PG(safe_mode) && !php_checkuid((*topath)->value.str.val, 2)) {
+ if (PG(safe_mode) && !php_checkuid((*topath)->value.str.val, NULL, 2)) {
RETURN_FALSE;
}
if (!strncasecmp((*topath)->value.str.val,"http://",7) || !strncasecmp((*topath)->value.str.val,"ftp://",6)) {
}
convert_to_string_ex(filename);
- if (PG(safe_mode) && !php_checkuid((*filename)->value.str.val, 2)) {
+ if (PG(safe_mode) && !php_checkuid((*filename)->value.str.val, NULL, 2)) {
RETURN_FALSE;
}
return php_gzopen_with_path(path, mode, PG(include_path), NULL);
}
else {
- if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path,1))) {
+ if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, NULL, 1))) {
return NULL;
}
if (php_check_open_basedir(path)) return NULL;
/* Relative path open */
if (*filename == '.') {
- if (PG(safe_mode) &&(!php_checkuid(filename,2))) {
+ if (PG(safe_mode) &&(!php_checkuid(filename, NULL, 2))) {
return(NULL);
}
if (php_check_open_basedir(filename)) return NULL;
} else {
strlcpy(trypath,filename,sizeof(trypath));
}
- if (!php_checkuid(trypath,2)) {
+ if (!php_checkuid(trypath, NULL, 2)) {
return(NULL);
}
if (php_check_open_basedir(trypath)) return NULL;
}
if (!path || (path && !*path)) {
- if (PG(safe_mode) &&(!php_checkuid(filename,2))) {
+ if (PG(safe_mode) &&(!php_checkuid(filename, NULL, 2))) {
return(NULL);
}
if (php_check_open_basedir(filename)) return NULL;
}
snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
if (PG(safe_mode)) {
- if (V_STAT(trypath,&sb) == 0 &&(!php_checkuid(trypath,2))) {
+ if (V_STAT(trypath,&sb) == 0 &&(!php_checkuid(trypath, NULL, 2))) {
efree(pathbuf);
return(NULL);
}
PHPAPI FILE *php_fopen_wrapper(char *path, char *mode, int options, int *issock, int *socketd, char **opened_path)
{
- int cm=2; /* checkuid mode: 2 = if file does not exist, check directory */
PLS_FETCH();
if (opened_path) {
} else {
FILE *fp;
- if (!strcmp(mode,"r") || !strcmp(mode,"r+")) {
- cm=0;
- }
- if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, cm))) {
+ if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, mode, 0))) {
return NULL;
}
if (php_check_open_basedir(path)) {
SG(request_info).path_translated = NULL;
return NULL;
}
- fp = V_FOPEN(filename, "r");
+ fp = V_FOPEN(filename, "rb");
/* refuse to open anything that is not a regular file */
if (fp && (0 > fstat(fileno(fp), &st) || !S_ISREG(st.st_mode))) {
char trypath[MAXPATHLEN + 1];
struct stat sb;
FILE *fp;
- int cm=2;
PLS_FETCH();
if (opened_path) {
*opened_path = NULL;
}
- if(!strcmp(mode,"r") || !strcmp(mode,"r+")) cm=0;
/* Relative path open */
if (*filename == '.') {
- if (PG(safe_mode) && (!php_checkuid(filename, cm))) {
+ if (PG(safe_mode) && (!php_checkuid(filename, mode, 0))) {
return NULL;
}
if (php_check_open_basedir(filename)) return NULL;
} else {
strlcpy(trypath,filename,sizeof(trypath));
}
- if (!php_checkuid(trypath, cm)) {
+ if (!php_checkuid(trypath, mode, 0)) {
return NULL;
}
if (php_check_open_basedir(trypath)) return NULL;
}
}
if (!path || (path && !*path)) {
- if (PG(safe_mode) && (!php_checkuid(filename, cm))) {
+ if (PG(safe_mode) && (!php_checkuid(filename, mode, 0))) {
return NULL;
}
if (php_check_open_basedir(filename)) {
}
snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
if (PG(safe_mode)) {
- if (V_STAT(trypath, &sb) == 0 && (!php_checkuid(trypath, cm))) {
+ if (V_STAT(trypath, &sb) == 0 && (!php_checkuid(trypath, mode, 0))) {
efree(pathbuf);
return NULL;
}
if (options & USE_PATH) {
fp = php_fopen_with_path((char *) path, mode, PG(include_path), opened_path);
} else {
- int cm=2;
- if(!strcmp(mode,"r") || !strcmp(mode,"r+")) cm=0;
- if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, cm))) {
+ if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, mode, 0))) {
fp = NULL;
} else {
if (php_check_open_basedir((char *) path)) {
FILE *retval;
old_chunk_size = php_sock_set_def_chunk_size(1);
- retval=php_fopen_wrapper((char *) filename, "r", USE_PATH|IGNORE_URL_WIN, &issock, &socketd, opened_path);
+ retval=php_fopen_wrapper((char *) filename, "rb", USE_PATH|IGNORE_URL_WIN, &issock, &socketd, opened_path);
php_sock_set_def_chunk_size(old_chunk_size);
if (issock) {
- retval = fdopen(socketd, "r");
+ retval = fdopen(socketd, "rb");
}
return retval;
}
* 2 - if file does not exist, check directory
* 3 - only check directory (needed for mkdir)
*/
-PHPAPI int php_checkuid(const char *fn, int mode) {
+PHPAPI int php_checkuid(const char *fn, char *fopen_mode, int mode) {
struct stat sb;
int ret;
long uid=0L, duid=0L;
if (!fn) return(0); /* path must be provided */
+ if (fopen_mode) {
+ if (fopen_mode[0] == 'r') {
+ mode = 0;
+ } else {
+ mode = 2;
+ }
+ }
+
/*
* If given filepath is a URL, allow - safe mode stuff
* related to URL's is checked in individual functions
#ifndef _SAFE_MODE_H_
#define _SAFE_MODE_H_
-extern PHPAPI int php_checkuid(const char *filename, int mode);
+extern PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode);
extern PHPAPI char *php_get_current_user(void);
#endif
projects / php / commitdiff