From: Rasmus Lerdorf <rasmus@php.net>
Date: Sun, 5 Nov 2006 20:44:52 +0000 (+0000)
Subject: data: and php:stdin/input allow_url_include checks
X-Git-Tag: RELEASE_1_0_0RC1~1123
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4ee758a8e08fd9356959625949089408efc4d7c0;p=php

data: and php:stdin/input allow_url_include checks
---

diff --git a/ext/standard/php_fopen_wrapper.c b/ext/standard/php_fopen_wrapper.c
index a5bf5a130e..492de62e58 100644
--- a/ext/standard/php_fopen_wrapper.c
+++ b/ext/standard/php_fopen_wrapper.c
@@ -185,12 +185,24 @@ php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, char *path, ch
 	if (!strcasecmp(path, "output")) {
 		return php_stream_alloc(&php_stream_output_ops, NULL, 0, "wb");
 	}
-	
+
 	if (!strcasecmp(path, "input")) {
+		if ((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include) ) {
+			if (options & REPORT_ERRORS) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL file-access is disabled in the server configuration");
+			}
+			return NULL;
+		}
 		return php_stream_alloc(&php_stream_input_ops, ecalloc(1, sizeof(off_t)), 0, "rb");
 	}  
 	
 	if (!strcasecmp(path, "stdin")) {
+		if ((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include) ) {
+			if (options & REPORT_ERRORS) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL file-access is disabled in the server configuration");
+			}
+			return NULL;
+		}
 		if (!strcmp(sapi_module.name, "cli")) {
 			static int cli_in = 0;
 			fd = STDIN_FILENO;