Missing safe_mode/open_basedir checks for file uploads.
authorIlia Alshanetsky <iliaa@php.net>
Wed, 5 Oct 2005 14:32:19 +0000 (14:32 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Wed, 5 Oct 2005 14:32:19 +0000 (14:32 +0000)
ext/curl/interface.c

index e5f1fb83007d0225dd2f1eb44a00bdcf412d74b6..5da8efb96b537ae37306d3aff46fc2978f32e48b 100644 (file)
@@ -1152,10 +1152,15 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
                                         * must be explicitly cast to long in curl_formadd
                                         * use since curl needs a long not an int. */
                                        if (*postval == '@') {
+                                               ++postval;
+                                               /* safe_mode / open_basedir check */
+                                               if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+                                                       RETURN_FALSE;
+                                               }
                                                error = curl_formadd(&first, &last, 
                                                                                         CURLFORM_COPYNAME, string_key,
                                                                                         CURLFORM_NAMELENGTH, (long)string_key_len - 1,
-                                                                                        CURLFORM_FILE, ++postval, 
+                                                                                        CURLFORM_FILE, postval, 
                                                                                         CURLFORM_END);
                                        } else {
                                                error = curl_formadd(&first, &last,
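Review bot: The `RETURN_FALSE;` added in the `@` branch sits inside `_php_curl_setopt`, which the hunk header declares as `static int`; the Zend macro sets `return_value` and then runs a bare `return;`, so the caller gets no defined status when the open_basedir/safe_mode check rejects the path. Use `RETVAL_FALSE;` followed by an explicit `return` of this function's failure code instead (the convention is not visible in the hunk, whose enclosing function starts and ends outside it). The early exit also appears to skip any cleanup of the `first`/`last` form list built by earlier `curl_formadd` calls, so entries added before the rejected one may leak; confirm this against the surrounding loop. It would also help to extend the `/* safe_mode / open_basedir check */` comment to say that only the path string is validated here and that libcurl opens the file later, so readers can judge the gap between check and use.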