MFH: Added missing safe_mode checks.
authorIlia Alshanetsky <iliaa@php.net>
Thu, 6 Oct 2005 20:47:41 +0000 (20:47 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Thu, 6 Oct 2005 20:47:41 +0000 (20:47 +0000)
NEWS
ext/curl/interface.c
ext/gd/gd.c
ext/gd/gd_ctx.c

diff --git a/NEWS b/NEWS
index 785c56f1e9ef3d05c70f13943961d0fbc5b2be90..184e1f4c3729dc62df19f071ab21d10d8f696b93 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,7 @@ PHP                                                                        NEWS
   . ext/oracle (Jani, Derick)
   . ext/ovrimos (Jani, Derick, Pierre)
   . ext/pfpro (Jani, Derick, Pierre)
+- Added missing safe_mode checks for image* functions and cURL. (Ilia)
 - Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
 - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
 - Fixed potential GLOBALS overwrite via import_request_variables() and
index e7091d87d2131ab11a752743eb1ba8bc8364c5e5..2c0865eabf5996e2ba1150d639fd4d3c2584f538 100644 (file)
@@ -65,7 +65,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
 #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
 
 #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)                                                                                                  \
-       if (PG(open_basedir) && *PG(open_basedir) &&                                                \
+       if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&                                                \
            strncasecmp(str, "file://", sizeof("file://") - 1) == 0)                                                            \
        {                                                                                                                                                                                       \
                php_url *tmp_url;                                                                                                                                               \
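Review bot: The condition now lets the guard fire under safe_mode with open_basedir unset, but whether that produces an actual restriction depends on the macro body, which continues past the end of the hunk; if that body only calls php_check_open_basedir, an empty open_basedir passes every file:// URL and the safe_mode half of the condition is a no-op, so confirm the body also performs the safe_mode check. The macro is still named PHP_CURL_CHECK_OPEN_BASEDIR although it now gates safe_mode as well, which deserves a comment above the `#define`, e.g. `/* Applies the open_basedir and (when safe_mode is on) safe_mode filesystem checks to file:// URLs only; other schemes are not filtered here. */`. The prefix test is case-insensitive and bounded to the 7 bytes of "file://", which is fine for a NUL-terminated str.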
index 9230190a9ad77b8409f571689acdf029ecca2239..96dba7ff5c70fa04790902a45fd53ce1ae1d22e5 100644 (file)
@@ -1723,7 +1723,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
        }
 
        if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-               if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
+               if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
                        RETURN_FALSE;
                }
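Review bot: php_checkuid is given the fopen mode `"rb+"` from a code path that is about to write fn; if php_checkuid derives its file-must-exist rule from a leading 'r' in the mode string, as its other callers suggest, writing a new image file under safe_mode is rejected even though the directory check would pass, so a write mode such as `"wb"` looks like the intended argument — confirm against php_checkuid before keeping `"rb+"`. The identical call is added to _php_image_output_ctx in ext/gd/gd_ctx.c and has the same concern. php_check_open_basedir and php_checkuid presumably emit their own warning on refusal, so the unconditional `Invalid filename '%s'` warning that follows reports a safe_mode refusal as a bad name; restricting that message to the `!fn` case would make the failure reason clearer to the user. _php_image_output begins before the hunk.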
index bf7355cb2d03654a4e4490adb49829963601cc30..99cf87a17061b1c1a16be5c9325c3788f5d06d44 100644 (file)
@@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
        }
 
        if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-               if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
+               if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
                        RETURN_FALSE;
                }
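Review bot: The filename validation line is now byte-identical in _php_image_output (ext/gd/gd.c) and _php_image_output_ctx, and each added check has to be applied twice; a small static helper such as `static int _php_image_check_fn(const char *fn TSRMLS_DC)` returning non-zero when fn is NULL or fails the open_basedir or safe_mode checks, called as `if (_php_image_check_fn(fn TSRMLS_CC)) {` in both functions, would keep the two sites from drifting the next time a check is added. The long condition would also benefit from a one-line comment stating that the safe_mode branch is only evaluated when open_basedir has already passed. _php_image_output_ctx begins before the hunk.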