From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 20 May 2003 00:37:00 +0000 (+0000)
Subject: Added missing safe_mode & open_basedir checks.
X-Git-Tag: RELEASE_1_0_2~710
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=31f0d1c94941fa2bd40472070450f1b4635e8828;p=php

Added missing safe_mode & open_basedir checks.
---

diff --git a/ext/pdf/pdf.c b/ext/pdf/pdf.c
index 75e53f93fc..c02a275eaa 100644
--- a/ext/pdf/pdf.c
+++ b/ext/pdf/pdf.c
@@ -1838,7 +1838,11 @@ static void _php_pdf_open_image(INTERNAL_FUNCTION_PARAMETERS, char *type)
 #else
 	image = Z_STRVAL_PP(arg2);
 #endif  
-        
+
+	if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	pdf_image = PDF_open_image_file(pdf, type, image, "", 0);
 
 	RETURN_LONG(pdf_image+PDFLIB_IMAGE_OFFSET);
@@ -1912,6 +1916,10 @@ PHP_FUNCTION(pdf_open_image_file)
 	image = Z_STRVAL_PP(arg3);
 #endif  
 
+	if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	if (argc == 3) {
 		pdf_image = PDF_open_image_file(pdf, Z_STRVAL_PP(arg2), image, "", 0);
 	} else {
@@ -2535,6 +2543,10 @@ PHP_FUNCTION(pdf_open_ccitt)
 	image = Z_STRVAL_PP(arg2);
 #endif  
 
+	if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	convert_to_long_ex(arg3);
 	convert_to_long_ex(arg4);
 	convert_to_long_ex(arg5);
@@ -2584,6 +2596,10 @@ PHP_FUNCTION(pdf_open_image)
 	image = Z_STRVAL_PP(arg4);
 #endif  
 
+	if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	pdf_image = PDF_open_image(pdf,
 		Z_STRVAL_PP(arg2),
 		Z_STRVAL_PP(arg3),
@@ -2622,6 +2638,10 @@ PHP_FUNCTION(pdf_attach_file)
 	convert_to_string_ex(arg9);
 	convert_to_string_ex(arg10);
 
+	if (php_check_open_basedir(Z_STRVAL_PP(arg6) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(arg6), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	PDF_attach_file(pdf,
 		(float) Z_DVAL_PP(arg2),
 		(float) Z_DVAL_PP(arg3),
@@ -2762,6 +2782,10 @@ PHP_FUNCTION(pdf_open_pdi)
 	file = Z_STRVAL_PP(arg2);
 #endif  
 
+	if (php_check_open_basedir(file TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(file, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	pdi_handle = PDF_open_pdi(pdf,
 		file,
 		Z_STRVAL_PP(arg3),