Fixed bug #20110.

author Ilia Alshanetsky <iliaa@php.net>

Mon, 28 Oct 2002 00:28:11 +0000 (00:28 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Mon, 28 Oct 2002 00:28:11 +0000 (00:28 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Mon, 28 Oct 2002 00:28:11 +0000 (00:28 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Mon, 28 Oct 2002 00:28:11 +0000 (00:28 +0000)
diff --git a/main/streams.c b/main/streams.c

index cbbdba1124e31583bca0c194b94f67895f9a134e..a49c7633f4891b24d22c613551ed407113122bae 100755 (executable)
--- a/main/streams.c
+++ b/main/streams.c
@@ -1644,13 +1644,20 @@ PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, cha
  {
         FILE *fp;
         char *realpath = NULL;
+       struct stat st;
+       php_stream *ret;
  
         realpath = expand_filepath(filename, NULL TSRMLS_CC);
  
         fp = fopen(realpath, mode);
  
         if (fp) {
-               php_stream *ret = php_stream_fopen_from_file_rel(fp, mode);
+               /* this is done to prevent opening of anything other then regular files */
+               if (fstat(fileno(fp), &st) == -1 || !S_ISREG(st.st_mode)) {
+                       goto err;
+               }
+       
+               ret = php_stream_fopen_from_file_rel(fp, mode);
  
                 if (ret)        {
                         if (opened_path)        {
@@ -1662,7 +1669,7 @@ PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, cha
  
                         return ret;
                 }
-
+               err:
                 fclose(fp);
         }
         efree(realpath);
author	Ilia Alshanetsky <iliaa@php.net>
	Mon, 28 Oct 2002 00:28:11 +0000 (00:28 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Mon, 28 Oct 2002 00:28:11 +0000 (00:28 +0000)