]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ac41083)
MFH: Added missing safe_mode checks.
authorIlia Alshanetsky <iliaa@php.net>
Thu, 6 Oct 2005 20:44:56 +0000 (20:44 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Thu, 6 Oct 2005 20:44:56 +0000 (20:44 +0000)
NEWS patch | blob | history
ext/curl/curl.c patch | blob | history
ext/gd/gd.c patch | blob | history
ext/gd/gd_ctx.c patch | blob | history

diff --git a/NEWS b/NEWS
index 5466f13ac911391b1a3bc4d4f45bf4c85ab32e3a..ccc5f752a28995d2c413dca706b488dfea7c61a8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2005, Version 4.4.1
+- Added missing safe_mode checks for image* functions and cURL. (Ilia)
 - Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
 - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
 - Fixed possible crash and/or memory corruption in import_request_variables().
diff --git a/ext/curl/curl.c b/ext/curl/curl.c
index 3468dfc5769b57847a2575c00467c477d39a1f7d..47dbf2f36cfbc12210542d9ebf32e204cc23e05e 100644 (file)
--- a/ext/curl/curl.c
+++ b/ext/curl/curl.c
@@ -66,7 +66,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
 #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
 
 #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)                                                                                                  \
-       if (PG(open_basedir) && *PG(open_basedir) &&                                                \
+       if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&                                                \
            strncasecmp(str, "file://", sizeof("file://") - 1) == 0)                                                            \
        {                                                                                                                                                                                       \
                php_url *tmp_url;                                                                                                                                               \
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 0b6cf7b8a5308f0c2b9548fa98ef65c43174c2a4..c1d03c2715b48c242f2ae75634ddf23230e7f506 100644 (file)
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -1644,7 +1644,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
        }
 
        if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-               if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+               if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
                        RETURN_FALSE;
                }
diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c
index 79ab8d1332b37fcec32104d30dfba6fb20acabff..4870138aec2e3ec102ce7378f856a9578d2df6a6 100644 (file)
--- a/ext/gd/gd_ctx.c
+++ b/ext/gd/gd_ctx.c
@@ -73,7 +73,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
        }
 
        if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-               if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+               if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
                        RETURN_FALSE;
                }
Unnamed repository; edit this file 'description' to name the repository.