From: Ilia Alshanetsky
Date: Tue, 17 Jul 2007 23:46:40 +0000 (+0000)
Subject: Allow file uploads to bypass open_basedir checks (fixes regression)
X-Git-Tag: php-5.2.4RC1~127
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=20aa854940698883fda725ec7055f038faac0096;p=php
Allow file uploads to bypass open_basedir checks (fixes regression)
---
diff --git a/main/php_open_temporary_file.c b/main/php_open_temporary_file.c
index c7f78ac7c2..29b59e02fe 100644
--- a/main/php_open_temporary_file.c
+++ b/main/php_open_temporary_file.c
@@ -211,7 +211,7 @@ PHPAPI const char* php_get_temporary_directory(void)
 * This function should do its best to return a file pointer to a newly created
 * unique file, on every platform.
 */
-PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC)
+PHPAPI int php_open_temporary_fd_ex(const char *dir, const char *pfx, char **opened_path_p, zend_bool open_basedir_check TSRMLS_DC)
 {
 int fd;
 const char *temp_dir;
@@ -227,7 +227,7 @@ PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened
 def_tmp:
 temp_dir = php_get_temporary_directory();
- if (temp_dir && *temp_dir != '\0' && !php_check_open_basedir(temp_dir TSRMLS_CC)) {
+ if (temp_dir && *temp_dir != '\0' && (!open_basedir_check || !php_check_open_basedir(temp_dir TSRMLS_CC))) {
 return php_do_open_temporary_file(temp_dir, pfx, opened_path_p TSRMLS_CC);
 } else {
 return -1;
@@ -243,6 +243,11 @@ def_tmp:
 return fd;
 }
+PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC)
+{
+ return php_open_temporary_fd_ex(dir, pfx, opened_path_p, 0 TSRMLS_CC);
+}
+
 PHPAPI FILE *php_open_temporary_file(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC)
 {
 FILE *fp;
diff --git a/main/php_open_temporary_file.h b/main/php_open_temporary_file.h
index 9565fcd6ca..9391d5fedb 100644
--- a/main/php_open_temporary_file.h
+++ b/main/php_open_temporary_file.h
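Review bot: The doc comment directly above the renamed `php_open_temporary_fd_ex` signature is left unchanged and says nothing about the new `open_basedir_check` argument, so the bare `0`/`1` passed at call sites cannot be read without opening the body. I would extend the comment with a line such as ` * open_basedir_check: non-zero makes the directory from php_get_temporary_directory() subject to php_check_open_basedir() before it is used.` The function body starts in this hunk but continues outside it, so that wording is based on the `def_tmp:` hunk and should be confirmed against the rest of the body.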
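Review bot: The polarity of `open_basedir_check` looks inverted relative to the commit subject: in the `def_tmp:` condition the check runs only when the flag is non-zero, the upload handler in main/rfc1867.c passes `1`, and the compatibility wrapper `php_open_temporary_fd` added in the following hunk passes `0`. As written, uploads remain subject to `php_check_open_basedir(temp_dir)`, while every existing caller of `php_open_temporary_fd` silently loses that check on the default temporary directory, which weakens open_basedir for code that relied on it. If the subject states the intent, the wrapper should read `return php_open_temporary_fd_ex(dir, pfx, opened_path_p, 1 TSRMLS_CC);` and the upload call should pass `0`; if the code is the intent, the subject and a comment at the wrapper should say so. The body of `php_open_temporary_fd_ex` starts and ends outside this hunk, so whether a caller-supplied `dir` is checked elsewhere cannot be seen here.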
@@ -23,6 +23,7 @@ BEGIN_EXTERN_C()
 PHPAPI FILE *php_open_temporary_file(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC);
+PHPAPI int php_open_temporary_fd_ex(const char *dir, const char *pfx, char **opened_path_p, zend_bool open_basedir_check TSRMLS_DC);
 PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC);
 PHPAPI const char *php_get_temporary_directory(void);
 PHPAPI void php_shutdown_temporary_directory();
diff --git a/main/rfc1867.c b/main/rfc1867.c
index db4c864449..9a2beefc44 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -1016,7 +1016,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 if (!skip_upload) {
 /* Handle file */
- fd = php_open_temporary_fd(PG(upload_tmp_dir), "php", &temp_filename TSRMLS_CC);
+ fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC);
 if (fd==-1) {
 sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file");
 cancel_upload = UPLOAD_ERROR_E;