]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 66a74b4)
MFH: Fixed open_basedir & safe_mode bypass inside readlink() function.
authorIlia Alshanetsky <iliaa@php.net>
Tue, 2 Nov 2004 00:37:55 +0000 (00:37 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Tue, 2 Nov 2004 00:37:55 +0000 (00:37 +0000)
ext/standard/link.c patch | blob | history

diff --git a/ext/standard/link.c b/ext/standard/link.c
index 42ab3d8d251e3a8e23689c4f932146abf8c47967..f809a70c33d16fd02360d09ca41316d240937835 100644 (file)
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -65,6 +65,14 @@ PHP_FUNCTION(readlink)
        }
        convert_to_string_ex(filename);
 
+       if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+               RETURN_FALSE;
+       }
+
+       if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
+
        ret = readlink(Z_STRVAL_PP(filename), buff, MAXPATHLEN-1);
 
        if (ret == -1) {
Unnamed repository; edit this file 'description' to name the repository.