Fixed missing open_basedir check inside chdir() function.

author Ilia Alshanetsky <iliaa@php.net>

Wed, 4 Oct 2006 23:19:25 +0000 (23:19 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Wed, 4 Oct 2006 23:19:25 +0000 (23:19 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Wed, 4 Oct 2006 23:19:25 +0000 (23:19 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Wed, 4 Oct 2006 23:19:25 +0000 (23:19 +0000)
diff --git a/NEWS b/NEWS

index ad8a1bfa9d3e178b7fe1594fecf1d8511183bca2..6410fdc75009713d635e7561f7c0b07316d33d71 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@ PHP                                                                        NEWS
  - Fixed mess with CGI/CLI -d option (now it works with cgi; constants are
    working exactly like in php.ini; with FastCGI -d affects all requests).
    (Dmitry)
+- Fixed missing open_basedir check inside chdir() function. (Ilia)
  - Fixed bug #39035 (Compatibilty issue between DOM and 
    zend.ze1_compatibility_mode). (Rob)
  - Fixed bug #39032 (strcspn() stops on null character). (Tony)
diff --git a/ext/standard/dir.c b/ext/standard/dir.c

index baa9a79c327956c26640f498fa3071f4020b94c1..db70ba9afb5326334bb89d9d9e52be1b11168ec7 100644 (file)
--- a/ext/standard/dir.c
+++ b/ext/standard/dir.c
@@ -286,7 +286,7 @@ PHP_FUNCTION(chdir)
                 RETURN_FALSE;
         }
  
-       if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+       if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
                 RETURN_FALSE;
         }
         ret = VCWD_CHDIR(str);
author	Ilia Alshanetsky <iliaa@php.net>
	Wed, 4 Oct 2006 23:19:25 +0000 (23:19 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Wed, 4 Oct 2006 23:19:25 +0000 (23:19 +0000)
NEWS		patch \| blob \| history
ext/standard/dir.c		patch \| blob \| history