MFB: Fixed bug #37265 (Added missing safe_mode & open_basedir checks to
authorIlia Alshanetsky <iliaa@php.net>
Fri, 4 Aug 2006 20:32:44 +0000 (20:32 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Fri, 4 Aug 2006 20:32:44 +0000 (20:32 +0000)
imap_body()).

NEWS
ext/imap/php_imap.c

diff --git a/NEWS b/NEWS
index bdba7c0fb43a3231de58a0c7ee4f3d3cafded1e6..713b739d752354e2ac6f4ea119eea4a9a74ae136 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,8 @@ PHP 4                                                                      NEWS
 - Fixed bug #38183 (disable_classes=Foobar causes disabled class to be
   called Foo). (Jani)
 - Fixed bug #38112 (corrupted gif segfaults) (Pierre)
+- Fixed bug #37265 (Added missing safe_mode & open_basedir checks to
+  imap_body()). (Ilia)
 - Fixed bug #29538 (number_format and problem with 0). (Matthew Wilmas)
 
 03 Aug 2006, Version 4.4.3
index b1a9f9478457d25f19b2f3c133e922861d1daafe..3e30d79ebba8a9b402559d0f46856ba48a396b8a 100644 (file)
@@ -731,6 +731,13 @@ static void php_imap_do_open(INTERNAL_FUNCTION_PARAMETERS, int persistent)
                efree(IMAPG(imap_password));
        }
 
+       /* local filename, need to perform open_basedir and safe_mode checks */
+       if (Z_STRVAL_PP(mailbox)[0] != '{' && 
+                       (php_check_open_basedir(Z_STRVAL_PP(mailbox) TSRMLS_CC) || 
+                       (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(mailbox), NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
+               RETURN_FALSE;
+       }
+
        IMAPG(imap_user)     = estrndup(Z_STRVAL_PP(user), Z_STRLEN_PP(user));
        IMAPG(imap_password) = estrndup(Z_STRVAL_PP(passwd), Z_STRLEN_PP(passwd));
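Review bot: The new `RETURN_FALSE` sits after the `efree(IMAPG(imap_password));` visible at the top of the hunk and before the two `estrndup()` lines that reassign the globals, so a rejected local mailbox leaves `IMAPG(imap_password)` pointing at freed memory. The same presumably holds for `IMAPG(imap_user)`, whose free would be just above the hunk. Unless those globals are reset somewhere not shown, the next call into php_imap_do_open would `efree` the stale pointer a second time. Either move the open_basedir/safe_mode check ahead of the frees, or clear each pointer right after freeing it, e.g. `IMAPG(imap_password) = NULL;`. The function body starts and ends outside the hunk, so the guard around the `efree` is inferred rather than seen.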