]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a451f1c)
MFH: Fixed open_basedir & safe_mode bypass inside readlink() function.
authorIlia Alshanetsky <iliaa@php.net>
Tue, 2 Nov 2004 00:38:07 +0000 (00:38 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Tue, 2 Nov 2004 00:38:07 +0000 (00:38 +0000)
ext/standard/link.c patch | blob | history

diff --git a/ext/standard/link.c b/ext/standard/link.c
index b70e9e68bf20e18ff9bbb58ddebc0fbf84eb3019..5dde068b67a1ee733e94a7a48a76b700c7222a3c 100644 (file)
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -65,6 +65,14 @@ PHP_FUNCTION(readlink)
        }
        convert_to_string_ex(filename);
 
+       if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+               RETURN_FALSE;
+       }
+
+       if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
+
        ret = readlink(Z_STRVAL_PP(filename), buff, MAXPATHLEN-1);
 
        if (ret == -1) {
Unnamed repository; edit this file 'description' to name the repository.