From: Stefan Esser <sesser@php.net>
Date: Sun, 23 Jun 2002 17:18:17 +0000 (+0000)
Subject: MFH: link/symlink safe_mode/open_base_dir fix
X-Git-Tag: php-4.2.3RC1~108
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=336ca133d3063e96b4624de5095db70e774076ce;p=php

MFH: link/symlink safe_mode/open_base_dir fix
---

diff --git a/ext/standard/link.c b/ext/standard/link.c
index 257d765909..23036067e7 100644
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -114,6 +114,18 @@ PHP_FUNCTION(symlink)
 		RETURN_FALSE;
 	}
 
+	if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(frompath), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(topath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(frompath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	if (!strncasecmp(Z_STRVAL_PP(topath), "http://", 7) || !strncasecmp(Z_STRVAL_PP(topath), "ftp://", 6)) {
 		php_error(E_WARNING, "Unable to symlink to a URL");
 		RETURN_FALSE;
@@ -146,6 +158,18 @@ PHP_FUNCTION(link)
 		RETURN_FALSE;
 	}
 
+	if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(frompath), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(topath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(frompath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	if (!strncasecmp(Z_STRVAL_PP(topath), "http://", 7) || !strncasecmp(Z_STRVAL_PP(topath), "ftp://", 6)) {
 		php_error(E_WARNING, "Unable to link to a URL");
 		RETURN_FALSE;