open_basedir fixes from David Saez

diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index c6781c8ce8c8feb84263c46a33cbc1cc89805774..6f673f7bc0f0afb6c7ce5d133667387a4f5d2cb8 100644 (file)
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -192,7 +192,7 @@ PHPAPI int php_check_open_basedir(const char *path TSRMLS_DC)
                        ptr = end;
                }
                php_error_docref(NULL TSRMLS_CC, E_WARNING, 
-                       "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, pathbuf);
+                       "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
                efree(pathbuf);
                errno = EPERM; /* we deny permission to open it */
                return -1;

diff --git a/main/streams.c b/main/streams.c
index 4558ed86639628def27e35a0d4a8d775dcbd1197..d709e3e024c0baaae34968acebdb2f152fb6a8c6 100755 (executable)
--- a/main/streams.c
+++ b/main/streams.c
@@ -1763,6 +1763,12 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
                        end++;
                }
                snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
+
+               /* If file does not exist continue */
+               if (VCWD_STAT(trypath, &sb) != 0) {
+                       ptr = end;
+                       continue;
+               }
                
                if (php_check_open_basedir(trypath TSRMLS_CC)) {
                        stream = NULL;
@@ -1770,17 +1776,15 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
                }
                
                if (PG(safe_mode)) {
-                       if (VCWD_STAT(trypath, &sb) == 0) {
-                               /* file exists ... check permission */
-                               if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
-                                               php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) {
-                                       /* UID ok, or trypath is in safe_mode_include_dir */
-                                       stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
-                               } else {
-                                       stream = NULL;
-                               }
-                               goto stream_done;
+                       /* file exists ... check permission */
+                       if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
+                                       php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) {
+                               /* UID ok, or trypath is in safe_mode_include_dir */
+                               stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
+                       } else {
+                               stream = NULL;
                        }
+                       goto stream_done;
                }
                stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
                if (stream) {