MFH: added missing safe-mode checks
authorfoobar <sniper@php.net>
Thu, 3 Nov 2005 20:20:10 +0000 (20:20 +0000)
committerfoobar <sniper@php.net>
Thu, 3 Nov 2005 20:20:10 +0000 (20:20 +0000)
ext/gd/gd.c
ext/gd/gd_ctx.c
ext/gd/php_gd.h

index 32ca5daee738472e2078e253ce1b5715b0ab8bfa..c1b7139aeba6e55cac299ec5cc80ca81468ebb44 100644 (file)
@@ -623,7 +623,7 @@ PHP_FUNCTION(imageloadfont)
 
        convert_to_string_ex(file);
 
-       stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
+       stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
        if (stream == NULL) {
                RETURN_FALSE;
        }
@@ -1440,7 +1440,7 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type,
 
        fn = Z_STRVAL_PP(file);
 
-       stream = php_stream_open_wrapper(fn, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+       stream = php_stream_open_wrapper(fn, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
        if (stream == NULL)     {
                RETURN_FALSE;
        }
@@ -1648,10 +1648,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
        }
 
        if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-               if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
-                       RETURN_FALSE;
-               }
+               PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
 
                fp = VCWD_FOPEN(fn, "wb");
                if (!fp) {
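Review bot: The warning raised at this call no longer names the rejected path: the removed code formatted `"Invalid filename '%s'", fn`, while `PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename")` passes only the fixed text and the macro in php_gd.h prints it as is. The same loss applies to the two calls in _php_image_convert and to the call in gd_ctx.c. Anyone triaging open_basedir or safe_mode denials from the logs can no longer see which path was refused; the macro could keep it with `php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s '%s'", errormsg, filename);`. The body of _php_image_output continues outside this hunk.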
@@ -3746,16 +3743,10 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type )
        }
 
        /* Check origin file */
-       if (!fn_org || fn_org == empty_string || php_check_open_basedir(fn_org TSRMLS_CC)) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid origin filename '%s'", fn_org);
-               RETURN_FALSE;
-       }
+       PHP_GD_CHECK_OPEN_BASEDIR(fn_org, "Invalid origin filename");
 
        /* Check destination file */
-       if (!fn_dest || fn_dest == empty_string || php_check_open_basedir(fn_dest TSRMLS_CC)) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid destination filename '%s'", fn_dest);
-               RETURN_FALSE;
-       }
+       PHP_GD_CHECK_OPEN_BASEDIR(fn_dest, "Invalid destination filename");
 
        /* Open origin file */
        org = VCWD_FOPEN(fn_org, "rb");
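Review bot: The origin and destination checks validate a path name, and `VCWD_FOPEN` then resolves that name a second time, so the file that was checked is not guaranteed to be the file that gets opened if a path component changes between the two steps. The same check-then-open sequence follows the `PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename")` calls in _php_image_output and _php_image_output_ctx. The imageloadfont and _php_image_create_from hunks of this commit instead pass `ENFORCE_SAFE_MODE` to `php_stream_open_wrapper`; opening these files the same way would keep the policy check inside the open path and make the call sites consistent, though whether that fully closes the window is not visible from here. If the separate check stays, a comment such as `/* check is by name; VCWD_FOPEN re-resolves the path */` would record the limitation. _php_image_convert continues outside the hunk.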
index 4870138aec2e3ec102ce7378f856a9578d2df6a6..f19774eef9bd969c0a354c862dba04bb2a9fb100 100644 (file)
@@ -73,10 +73,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
        }
 
        if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-               if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
-                       RETURN_FALSE;
-               }
+               PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
 
                fp = VCWD_FOPEN(fn, "wb");
                if (!fp) {
index 2c9896ccf2816640d91e9819400e18a0d7a067e5..628d745a6a6dcb3213b7ddd3a2ce5d4e16ad4ced 100644 (file)
 
 #if HAVE_LIBGD
 
+/* open_basedir and safe_mode checks */
+#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg)                                   \
+       if (!filename || filename == empty_string || php_check_open_basedir(filename TSRMLS_CC) || \
+               (PG(safe_mode) && !php_checkuid(filename, "rb+", CHECKUID_CHECK_FILE_AND_DIR))  \
+       ) {                                                                                 \
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg);                          \
+               RETURN_FALSE;                                                                   \
+       }
+
 #define PHP_GDIMG_TYPE_GIF      1
 #define PHP_GDIMG_TYPE_PNG      2
 #define PHP_GDIMG_TYPE_JPG      3
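Review bot: `PHP_GD_CHECK_OPEN_BASEDIR` expands to a bare `if (...) { ... }`, so the `;` written after each call becomes a separate empty statement and the macro cannot safely be placed in front of an `else`; wrapping the body in `do { ... } while (0)` avoids that. The `filename` argument is used unparenthesised, and `errormsg` is handed to `php_error_docref` as the format string, which is only safe while every caller passes a literal that contains no `%`; routing it through `"%s"` removes that dependency. The name mentions only open_basedir although the macro also enforces safe_mode, so the comment above it should state both checks and that the macro emits a warning and returns FALSE from the calling function. A possible rewrite follows.

```c
/* open_basedir and safe_mode checks; warns and returns FALSE from the caller on failure */
#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
	do { \
		if (!(filename) || (filename) == empty_string || php_check_open_basedir((filename) TSRMLS_CC) || \
			(PG(safe_mode) && !php_checkuid((filename), "rb+", CHECKUID_CHECK_FILE_AND_DIR)) \
		) { \
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", (errormsg)); \
			RETURN_FALSE; \
		} \
	} while (0)
```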