MFB: Extend safe_mode/open_basedir checks to imap_reopen() as well.

diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 202389ffe1ffa27b31c740f474c99b64ca3497aa..5856ce95baeb6ae65cbf79ec368d40a4914626b6 100644 (file)
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -824,6 +824,14 @@ PHP_FUNCTION(imap_reopen)
                }
                imap_le_struct->flags = cl_flags;       
        }
+
+       /* local filename, need to perform open_basedir and safe_mode checks */
+       if (Z_STRVAL_PP(mailbox)[0] != '{' && 
+                       (php_check_open_basedir(Z_STRVAL_PP(mailbox) TSRMLS_CC) || 
+                       (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(mailbox), NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
+               RETURN_FALSE;
+       }
+
        imap_stream = mail_open(imap_le_struct->imap_stream, Z_STRVAL_PP(mailbox), flags);
        if (imap_stream == NIL) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Couldn't re-open stream");