MFB: Added missing open_basedir & safe_mode checks to bzip:// wrapper.

author Ilia Alshanetsky <iliaa@php.net>

Wed, 14 Mar 2007 03:52:16 +0000 (03:52 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Wed, 14 Mar 2007 03:52:16 +0000 (03:52 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Wed, 14 Mar 2007 03:52:16 +0000 (03:52 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Wed, 14 Mar 2007 03:52:16 +0000 (03:52 +0000)
diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c

index 1d40902115d6067efb680b3e046d3e1b725c0b61..a06b58fd2c67b596184706249fc8a5e521d981ed 100644 (file)
--- a/ext/bz2/bz2.c
+++ b/ext/bz2/bz2.c
@@ -171,6 +171,10 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
  #else
         path_copy = path;
  #endif  
+
+       if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) {
+               return NULL;
+       }
         
         /* try and open it directly first */
         bz_file = BZ2_bzopen(path_copy, mode);
@@ -182,7 +186,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
         
         if (bz_file == NULL) {
                 /* that didn't work, so try and get something from the network/wrapper */
-               stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);
+               stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path);
         
                 if (stream) {
                         int fd;
author	Ilia Alshanetsky <iliaa@php.net>
	Wed, 14 Mar 2007 03:52:16 +0000 (03:52 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Wed, 14 Mar 2007 03:52:16 +0000 (03:52 +0000)