]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3bda0b4)
Fix bug: #18285, php_checkuid() mangled the passed path.
authorfoobar <sniper@php.net>
Sat, 13 Jul 2002 00:52:18 +0000 (00:52 +0000)
committerfoobar <sniper@php.net>
Sat, 13 Jul 2002 00:52:18 +0000 (00:52 +0000)
main/safe_mode.c patch | blob | history

diff --git a/main/safe_mode.c b/main/safe_mode.c
index d3ffab6a3f161507138503723b23d1a7357f14ff..6f42c62f197a02526005db18e859c62b75b34ab7 100644 (file)
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -49,9 +49,12 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
        int ret, nofile=0;
        long uid=0L, gid=0L, duid=0L, dgid=0L;
        char path[MAXPATHLEN];
-       char *s;
+       char *s, filenamecopy[MAXPATHLEN];
        TSRMLS_FETCH();
 
+       strlcpy(filenamecopy, filename, MAXPATHLEN);
+       filename=(char *)&filenamecopy;
+
        if (!filename) {
                return 0; /* path must be provided */
        }
@@ -67,7 +70,7 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
        /* 
         * If given filepath is a URL, allow - safe mode stuff
         * related to URL's is checked in individual functions
-     */        
+        */
        if (!strncasecmp(filename,"http://", 7) || !strncasecmp(filename,"ftp://", 6)) {
                return 1;
        }
@@ -116,7 +119,7 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
                        VCWD_REALPATH(filename, path);
                        *s = DEFAULT_SLASH;
                } else {
-                       VCWD_GETCWD(path, MAXPATHLEN);
+                       VCWD_GETCWD(path, sizeof(path));
                }
        } /* end CHECKUID_ALLOW_ONLY_DIR */
        
Unnamed repository; edit this file 'description' to name the repository.