From: Rasmus Lerdorf Date: Sat, 21 May 2005 18:54:57 +0000 (+0000) Subject: MFH Fixed bug 33072 - safemode/open_basedir check for runtime save_path X-Git-Tag: php-5.0.5RC1~263 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3526bcf9cf7b7fa0de4cff92d49fdcc91a90007b;p=php MFH Fixed bug 33072 - safemode/open_basedir check for runtime save_path change --- diff --git a/NEWS b/NEWS index 094745266b..8efc48aaaa 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,8 @@ PHP NEWS - Fixed bug #33090 (mysqli_prepare doesn't return an error). (Georg) - Fixed bug #33076 (str_ireplace() incorrectly counts result string length and may cause segfault). (Tony) +- Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path + change) (Rasmus) - Fixed bug #33059 (crash when moving xml attribute set in dtd). (Ilia) - Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per RFC 2616 section 10.3.5) (Rasmus, Choitel) diff --git a/ext/session/session.c b/ext/session/session.c index 8db83409e5..bf23635290 100644 --- a/ext/session/session.c +++ b/ext/session/session.c 
@@ -131,13 +131,26 @@ static PHP_INI_MH(OnUpdateSerializer)
 return SUCCESS;
 }
+static PHP_INI_MH(OnUpdateSaveDir) {
+ /* Only do the safemode/open_basedir check at runtime */
+ if(stage == PHP_INI_STAGE_RUNTIME) {
+ if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ return FAILURE;
+ }
+
+ if (php_check_open_basedir(new_value TSRMLS_CC)) {
+ return FAILURE;
+ }
+ }
+ OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
+}
 /* {{{ PHP_INI */
 PHP_INI_BEGIN()
 STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals)
 STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals)
- STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateString, save_path, php_ps_globals, ps_globals)
+ STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals)
 PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler)
 STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals)
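Review bot: `OnUpdateSaveDir` falls off the end on its success path: the last statement calls `OnUpdateString(...)` but discards the result, although the function returns `FAILURE` on the other paths and is therefore non-void. The INI layer thus receives an indeterminate status whenever the checks pass or are skipped, and the handler should end with `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);`. Separately, the guard is `stage == PHP_INI_STAGE_RUNTIME` while the entry stays `PHP_INI_ALL`, so a `session.save_path` supplied at any other stage is stored without the safe_mode/open_basedir checks. If per-directory configuration is meant to be constrained too, that stage needs its own test here; otherwise the comment should say why it is exempt.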