From: Ilia Alshanetsky Date: Thu, 6 Oct 2005 20:37:25 +0000 (+0000) Subject: Added missing safe_mode checks. X-Git-Tag: RELEASE_0_9_1~214 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=37a1bb6f52eec4f66848812052f3240d7d10bee5;p=php Added missing safe_mode checks. --- diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 5da8efb96b..7a70093db3 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -65,7 +65,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC); #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v); #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \ - if (PG(open_basedir) && *PG(open_basedir) && \ + if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \ strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \ { \ php_url *tmp_url; \ diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 0bd96eb98a..361076dc4c 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -1709,7 +1709,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char } if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) { - if (!fn || php_check_open_basedir(fn TSRMLS_CC)) { + if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn); RETURN_FALSE; } diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c index bf7355cb2d..99cf87a170 100644 --- a/ext/gd/gd_ctx.c +++ b/ext/gd/gd_ctx.c @@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type, } if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) { - if (!fn || php_check_open_basedir(fn TSRMLS_CC)) { + if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn); RETURN_FALSE; }