From: Ilia Alshanetsky Date: Sun, 1 Oct 2006 20:58:02 +0000 (+0000) Subject: Fixed bug #38993 (Fixed safe_mode/open_basedir checks for X-Git-Tag: php-5.2.0RC5~59 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=154f70acf1560bd6633cf7cce1efe1528f35c36f;p=php Fixed bug #38993 (Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters). --- diff --git a/NEWS b/NEWS index f774d37bf1..a48a14a18f 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,8 @@ PHP NEWS - Fixed mess with CGI/CLI -d option (now it works with cgi; constants are working exactly like in php.ini; with FastCGI -d affects all requests). (Dmitry) +- Fixed bug #38993 (Fixed safe_mode/open_basedir checks for + session.save_path, allowing them to account for extra parameters). (Ilia) - Fixed bug #38981 (using FTP URLs in get_headers() causes crash). (Tony) - Fixed bug #38961 (metaphone() results in segmentation fault on NetBSD). (Tony) diff --git a/ext/session/session.c b/ext/session/session.c index 3078cff9fc..1d6f991b14 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -154,11 +154,19 @@ static PHP_INI_MH(OnUpdateSaveDir) { /* Only do the safemode/open_basedir check at runtime */ if (stage == PHP_INI_STAGE_RUNTIME) { - if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) { + char *p; + + if ((p = zend_memrchr(new_value, ';', new_value_length))) { + p++; + } else { + p = new_value; + } + + if (PG(safe_mode) && (!php_checkuid(p, NULL, CHECKUID_ALLOW_ONLY_DIR))) { return FAILURE; } - if (php_check_open_basedir(new_value TSRMLS_CC)) { + if (php_check_open_basedir(p TSRMLS_CC)) { return FAILURE; } } diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 7beb9deb92..78bfea7ed9 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -5622,7 +5622,6 @@ PHP_FUNCTION(ini_set) _CHECK_PATH(varname, "java.class.path") || _CHECK_PATH(varname, "java.home") || _CHECK_PATH(varname, "java.library.path") || - _CHECK_PATH(varname, "session.save_path") || _CHECK_PATH(varname, "vpopmail.directory")) { if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(new_value), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { zval_dtor(return_value);