Fixed safe_mode check for source argument of the copy() function.

author Ilia Alshanetsky <iliaa@php.net>

Thu, 6 Apr 2006 02:39:55 +0000 (02:39 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Thu, 6 Apr 2006 02:39:55 +0000 (02:39 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Thu, 6 Apr 2006 02:39:55 +0000 (02:39 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Thu, 6 Apr 2006 02:39:55 +0000 (02:39 +0000)
diff --git a/NEWS b/NEWS

index 48d111fe437e98b870de48412d3df88d2d090677..bb7dadcd7fa06ff30142ebe03d961f5537c46a6f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
  PHP                                                                        NEWS
  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
  30 Mar 2006, PHP 5.1.3RC2
+- Fixed safe_mode check for source argument of the copy() function. (Ilia)
  - Fixed mysqli bigint conversion under Windows (Georg)
  - Fixed XSS inside phpinfo() with long inputs. (Ilia)
  - Check 2nd parameter of tempnam() against path components. (Ilia)
diff --git a/ext/standard/file.c b/ext/standard/file.c

index 12816c75c5ffe79a808b8ba686f5861d217637ce..bc5ee3d2c1d2691aaf0439608ac16abb411b9390 100644 (file)
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1767,7 +1767,7 @@ no_stat:
         }
  safe_to_copy:
  
-       srcstream = php_stream_open_wrapper(src, "rb", STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS, NULL);
+       srcstream = php_stream_open_wrapper(src, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
         
         if (!srcstream) {
                 return ret;
author	Ilia Alshanetsky <iliaa@php.net>
	Thu, 6 Apr 2006 02:39:55 +0000 (02:39 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Thu, 6 Apr 2006 02:39:55 +0000 (02:39 +0000)
NEWS		patch \| blob \| history
ext/standard/file.c		patch \| blob \| history