Fixed bug #38934 (move_uploaded_file() cannot read uploaded file outside of
authorIlia Alshanetsky <iliaa@php.net>
Fri, 13 Oct 2006 01:42:20 +0000 (01:42 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Fri, 13 Oct 2006 01:42:20 +0000 (01:42 +0000)
open_basedir).

NEWS
ext/standard/basic_functions.c
ext/standard/file.c

diff --git a/NEWS b/NEWS
index 416cac90c7aaeedc8d004a9c0e9184e677cf82fe..378f19eea579f6e950177f5698970fd380148db3 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,8 @@ PHP                                                                        NEWS
 - Fixed bug #39067 (getDeclaringClass() and private properties). (Tony)
 - Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty
   files). (Ilia)
+- Fixed bug #38934 (move_uploaded_file() cannot read uploaded file outside of
+  open_basedir). (Ilia)
 - Fixed bug #38649 (uninit'd optional arg in stream_socket_sendto()). (Sara)
 - Fixed bug #38198 (possible crash when COM reports an exception). (Ilia)
 - Fixed bug #37262 (var_export() does not escape \0 character). (Ilia)
index 720c532ae12ea56f9baeeedb1a6a9cd939e109c0..1b31e9bf82865887abd586e67a8aa7b86d2743c6 100644 (file)
@@ -6032,8 +6032,7 @@ PHP_FUNCTION(move_uploaded_file)
        VCWD_UNLINK(Z_STRVAL_PP(new_path));
        if (rename(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path)) == 0) {
                successful = 1;
-       } else
-               if (php_copy_file(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path) TSRMLS_CC) == SUCCESS) {
+       } else if (php_copy_file_ex(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path), STREAM_DISABLE_OPEN_BASEDIR TSRMLS_CC) == SUCCESS) {
                VCWD_UNLINK(Z_STRVAL_PP(path));
                successful = 1;
        }
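Review bot: Passing `STREAM_DISABLE_OPEN_BASEDIR` on the fallback copy makes this call site depend entirely on `path` having already been confirmed as a genuine upload, and nothing in the hunk shows or states that precondition. The check presumably sits earlier in `move_uploaded_file`, which starts and ends outside this hunk. A comment at the call would keep a later refactor from moving the copy ahead of that check, e.g. `/* open_basedir is skipped for the source only; path must already have been verified as an uploaded file */`. The destination open is not visible here, so whether the checks on `new_path` are unaffected should be confirmed and stated in the same comment.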
index f998278752ffdf342ac63c34e1c3a6013c9eb37d..4842b43b191b8b35c53046e909bdfb59c87ace99 100644 (file)
@@ -1711,9 +1711,14 @@ PHP_FUNCTION(copy)
 }
 /* }}} */
 
+PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC)
+{
+       return php_copy_file_ex(src, dest, ENFORCE_SAFE_MODE TSRMLS_CC);
+}
+
 /* {{{ php_copy_file
  */
-PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC)
+PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC)
 {
        php_stream *srcstream = NULL, *deststream = NULL;
        int ret = FAILURE;
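Review bot: `php_copy_file_ex` is called in the new `php_copy_file` wrapper before its definition, and the commit's file list (NEWS, basic_functions.c, file.c) contains no header change. Unless a prototype already exists elsewhere, both this call and the one in basic_functions.c rely on an implicit declaration. Add `PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC);` to the header that declares `php_copy_file`. The `/* {{{ php_copy_file */` fold marker now heads `php_copy_file_ex` and should be renamed, with the wrapper getting its own marker. The body of `php_copy_file_ex` continues outside the hunk.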
@@ -1768,7 +1773,7 @@ no_stat:
        }
 safe_to_copy:
 
-       srcstream = php_stream_open_wrapper(src, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+       srcstream = php_stream_open_wrapper(src, "rb", src_chk | REPORT_ERRORS, NULL);
        
        if (!srcstream) {
                return ret;
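Review bot: `src_chk` replaces `ENFORCE_SAFE_MODE` in this open rather than being OR-ed with it, so the `move_uploaded_file` caller, which passes only `STREAM_DISABLE_OPEN_BASEDIR`, opens the source without the safe-mode flag as well as without open_basedir. If only open_basedir was meant to be relaxed, that caller should pass `ENFORCE_SAFE_MODE | STREAM_DISABLE_OPEN_BASEDIR`; if both are intended, say so on the parameter, e.g. `/* src_chk: stream open options governing access checks on src; replaces the default ENFORCE_SAFE_MODE */`. Because the function is `PHPAPI`, that comment is also the only notice other callers get that they, not this function, now decide which source checks run. Any checks before the `safe_to_copy:` label are outside the hunk and not assessed here.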