From: Wez Furlong <wez@php.net>
Date: Thu, 17 Apr 2003 01:57:55 +0000 (+0000)
Subject: Implement safe_mode and open_basedir checks.
X-Git-Tag: RELEASE_0_5~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2d14d8b52015f7cd972ab123f46777769df8e2ce;p=php

Implement safe_mode and open_basedir checks.
Add package.xml
---

diff --git a/ext/sqlite/package.xml b/ext/sqlite/package.xml
new file mode 100644
index 0000000000..72668de54e
--- /dev/null
+++ b/ext/sqlite/package.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!DOCTYPE package SYSTEM "../../../php4/pear/package.dtd">
+<package>
+  <name>SQLite</name>
+  <summary>SQLite database bindings</summary>
+  <maintainers>
+    <maintainer>
+      <user>wez</user>
+      <name>Wez Furlong</name>
+      <email>wez@php.net</email>
+      <role>lead</role>
+    </maintainer>
+  </maintainers>
+  <description>
+	SQLite is a C library that implements an embeddable SQL database engine.
+	Programs that link with the SQLite library can have SQL database access
+	without running a separate RDBMS process.
+	This extension allows you to access SQLite databases from within PHP.
+  </description>
+  <license>PHP</license>
+  <release>
+    <state>beta</state>
+    <version>0.5</version>
+    <date>2003-04-17</date>
+	<notes>
+		Initial release
+    </notes>
+    <filelist>
+      <file role="src" name="config.m4"/>
+      <file role="src" name="sqlite.c"/>
+      <file role="src" name="php_sqlite.h"/>
+      <file role="doc" name="CREDITS"/>
+      <file role="doc" name="README"/>
+      <file role="doc" name="TODO"/>
+      <file role="doc" name="sqlite.php"/>
+      <file role="test" name="tests/001.phpt"/>
+    </filelist>
+  </release>
+</package>
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index 39d193f447..7ff5a20e73 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -135,7 +135,13 @@ PHP_FUNCTION(sqlite_open)
 		return;
 	}
 
-	/* TODO: safemode and open_basedir checks on the filename */
+	if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(filename TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
 	
 	db = sqlite_open(filename, mode, &errtext);