From: Rasmus Lerdorf Date: Sat, 11 May 2002 19:19:49 +0000 (+0000) Subject: Another safe-mode fix. parse_ini_file() did not check X-Git-Tag: php-4.3.0dev-ZendEngine2-Preview1~114 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=465b2d54db115581c30d356e36b4addfed66dbfe;p=php Another safe-mode fix. parse_ini_file() did not check @ safe-mode fix for parse_ini_file() (Rasmus)
---
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 27452efa19..be97f01373 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -2471,6 +2471,15 @@ PHP_FUNCTION(parse_ini_file) } convert_to_string_ex(filename); + + if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_ALLOW_ONLY_FILE))) { + RETURN_FALSE; + } + + if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { + RETURN_FALSE; + } + fh.handle.fp = VCWD_FOPEN(Z_STRVAL_PP(filename), "r"); if (!fh.handle.fp) { php_error(E_WARNING, "Cannot open '%s' for reading", Z_STRVAL_PP(filename));
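Review bot: Both new guards validate the path string in `Z_STRVAL_PP(filename)`, and `VCWD_FOPEN` then opens that same path by name, so the file that passed `php_checkuid()` / `php_check_open_basedir()` is not guaranteed to be the file that is opened if the path is replaced (for example by a symlink) between the calls. If that window matters for safe_mode deployments, the ownership check would have to be repeated on the opened handle (an `fstat()` on `fileno(fh.handle.fp)`); at minimum I would record the limitation above the guards, e.g. `/* path-based checks only: the file is opened by name below, so a path swapped after these checks is not caught */`. Whether the two helpers emit their own warning on refusal is not visible here; if they do not, the bare `RETURN_FALSE` leaves the caller with no diagnostic, unlike the `php_error()` on the fopen failure path. The body of `PHP_FUNCTION(parse_ini_file)` starts and ends outside this hunk.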