Fixed bug #37265 (Added missing safe_mode & open_basedir checks to

imap_body()).

diff --git a/NEWS b/NEWS
index 0e49206f26dbacd5d69c842e0de0e0acafec6801..7b1e47709e2202929e23f1bf554f328dcce8930c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -76,6 +76,8 @@ PHP                                                                        NEWS
   compatibility issue). (Jani, patch by scott dot moynes+php at gmail dot com)
 - Fixed bug #37445 (Fixed crash in pdo_mysql resulting from premature object
   destruction). (Ilia)
+- Fixed bug #37265 (Added missing safe_mode & open_basedir checks to
+  imap_body()). (Ilia)
 
 24 Jul 2006, PHP 5.2.0RC1
 - Updated bundled MySQL client library to version 5.0.22 in the Windows

diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index d4dc2cb0001fec5083e85ef83b646145415e19c5..ed8da2daffbd879b76229554bffd12e297b0eae5 100644 (file)
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -763,6 +763,13 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
                efree(IMAPG(imap_password));
        }
 
+       /* local filename, need to perform open_basedir and safe_mode checks */
+       if (Z_STRVAL_PP(mailbox)[0] != '{' && 
+                       (php_check_open_basedir(Z_STRVAL_PP(mailbox) TSRMLS_CC) || 
+                       (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(mailbox), NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
+               RETURN_FALSE;
+       }
+
        IMAPG(imap_user)     = estrndup(Z_STRVAL_PP(user), Z_STRLEN_PP(user));
        IMAPG(imap_password) = estrndup(Z_STRVAL_PP(passwd), Z_STRLEN_PP(passwd));