- Added open basedir checks to file functions. (Patch by

  Christoph Kassen <chkassen@chkassen.de>)

diff --git a/ext/standard/file.c b/ext/standard/file.c
index 48709bfb2f353048dffd18e08805d6e998645c2b..20cf1cda84df7337cf3fa61f81906ac551f7a9ba 100644 (file)
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1463,10 +1463,15 @@ PHP_FUNCTION(mkdir)
        convert_to_long_ex(arg2);
 
        mode = (mode_t) Z_LVAL_PP(arg2);
+
        if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) {
                RETURN_FALSE;
        }
 
+       if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
+
        ret = VCWD_MKDIR(Z_STRVAL_PP(arg1), mode);
        if (ret < 0) {
                php_error(E_WARNING, "mkdir() failed (%s)", strerror(errno));
@@ -1488,10 +1493,15 @@ PHP_FUNCTION(rmdir)
        }
 
        convert_to_string_ex(arg1);
+
        if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) {
                RETURN_FALSE;
        }
 
+       if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
+
        ret = VCWD_RMDIR(Z_STRVAL_PP(arg1));
        if (ret < 0) {
                php_error(E_WARNING, "rmdir() failed (%s)", strerror(errno));
@@ -1695,6 +1705,11 @@ PHP_FUNCTION(rename)
        if (PG(safe_mode) &&(!php_checkuid(old_name, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
                RETURN_FALSE;
        }
+
+       if (php_check_open_basedir(old_name TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
+
        ret = VCWD_RENAME(old_name, new_name);
 
        if (ret == -1) {
@@ -1722,6 +1737,10 @@ PHP_FUNCTION(unlink)
                RETURN_FALSE;
        }
 
+       if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
+
        ret = VCWD_UNLINK(Z_STRVAL_PP(filename));
        if (ret == -1) {
                php_error(E_WARNING, "unlink() failed (%s)", strerror(errno));