Added missing safe_mode & open_basedir checks.

diff --git a/ext/fdf/fdf.c b/ext/fdf/fdf.c
index b9d93a7dcbb9c56d72fd26a525bf6074222a1aad..e3568b199abbe6c71b3bf7d18e1a813f8397329e 100644 (file)
--- a/ext/fdf/fdf.c
+++ b/ext/fdf/fdf.c
@@ -725,6 +725,10 @@ PHP_FUNCTION(fdf_set_file)
                return;
        }
 
+       if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+               RETURN_FALSE;
+       }
+
        ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf);
 
        err = FDFSetFile(fdf, filename);
@@ -1485,6 +1489,10 @@ PHP_FUNCTION(fdf_get_attachment) {
        
        ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf);
 
+       if (php_check_open_basedir(savepath TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(savepath, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+               RETURN_FALSE;
+       }
+
        strncpy(pathbuf , savepath, MAXPATHLEN-1);
        pathbuf[MAXPATHLEN-1] = '\0';