From: Ilia Alshanetsky Date: Wed, 21 May 2003 00:57:48 +0000 (+0000) Subject: MFH X-Git-Tag: BEFORE_FD_REVERT~3 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5d900b5171d39bbc86859aecea26b2edef1ec71f;p=php MFH --- diff --git a/ext/cpdf/cpdf.c b/ext/cpdf/cpdf.c index 25512d02f8..a02f310f40 100644 --- a/ext/cpdf/cpdf.c +++ b/ext/cpdf/cpdf.c @@ -475,6 +475,10 @@ PHP_FUNCTION(cpdf_open) if(strcmp(Z_STRVAL_P(arg2), "-") == 0) php_error(E_WARNING, "%s(): Writing to stdout as described in the ClibPDF manual is not possible if php is used as an Apache module. Write to a memory stream and use cpdf_output_buffer() instead.", get_active_function_name(TSRMLS_C)); #endif + if (php_check_open_basedir(Z_STRVAL_P(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_P(arg2), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + cpdf_setOutputFilename(cpdf, Z_STRVAL_P(arg2)); } cpdf_init(cpdf); @@ -928,6 +932,10 @@ PHP_FUNCTION(cpdf_set_font_map_file) RETURN_FALSE; } + if (php_check_open_basedir(Z_STRVAL_P(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_P(arg2), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + cpdf_setFontMapFile(pdf, Z_STRVAL_P(arg2)); RETURN_TRUE; @@ -2378,6 +2386,10 @@ PHP_FUNCTION(cpdf_save_to_file) php_error(E_WARNING, "%s(): Writing to stdout as described in the ClibPDF manual is not possible if php is used as an Apache module. Use cpdf_output_buffer() instead.", get_active_function_name(TSRMLS_C)); #endif + if (php_check_open_basedir(Z_STRVAL_P(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_P(arg2), "wb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + cpdf_savePDFmemoryStreamToFile(pdf, Z_STRVAL_P(arg2)); RETURN_TRUE; 
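Review bot: The new `RETURN_FALSE;` in cpdf_open exits while `cpdf` is already a live document handle (it is passed to cpdf_setOutputFilename() and cpdf_init() on the lines that follow), so a rejected path probably leaves that handle unreleased. The allocation is above the hunk, so this is inferred; if the handle is created earlier in the function, release it before returning, e.g. `cpdf_close(cpdf);` ahead of `RETURN_FALSE;`, or whatever the resource destructor in this file calls. In a long-lived server process a script can reach this branch repeatedly, so the leak would accumulate. cpdf_open's body starts and ends outside the hunk.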
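Review bot: The mode string passed to php_checkuid() in cpdf_set_font_map_file is `"rb+"` although the path is only handed to cpdf_setFontMapFile() as an input. The cpdf_import_jpeg hunk does the same for the JPEG path, and the cpdf_open hunk uses `"rb+"` for a path that becomes the output filename, while cpdf_save_to_file and pdf_open_file use `"wb+"`. With CHECKUID_CHECK_MODE_PARAM the mode presumably selects which ownership check is applied, so the string should describe the real access: `"rb"` for the two inputs and `"wb+"` in cpdf_open. If the check keys on a leading `r`, the cpdf_open case would also refuse a not-yet-existing output file under safe_mode; worth confirming against php_checkuid().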
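Review bot: The `"-"` filename that the warning just above describes as stdout output is now passed to php_check_open_basedir() and php_checkuid() like an ordinary path in cpdf_save_to_file, and the cpdf_open hunk does the same. On builds where the block ending at `#endif` is compiled out, stdout output would be evaluated as a relative file named `-` and may be refused or checked against the wrong location. Skipping the path checks for that sentinel keeps the restriction on real files only: `if (strcmp(Z_STRVAL_P(arg2), "-") != 0 && (php_check_open_basedir(Z_STRVAL_P(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_P(arg2), "wb+", CHECKUID_CHECK_MODE_PARAM)))) {`. The function body starts and ends outside the hunk.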
@@ -2401,6 +2413,11 @@ PHP_FUNCTION(cpdf_import_jpeg) convert_to_long(argv[0]); convert_to_string(argv[1]); + + if (php_check_open_basedir(Z_STRVAL_P(argv[1]) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_P(argv[1]), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + convert_to_double(argv[2]); convert_to_double(argv[3]); convert_to_double(argv[4]); diff --git a/ext/pdf/pdf.c b/ext/pdf/pdf.c index f10ba4e858..1d61ffc452 100644 --- a/ext/pdf/pdf.c +++ b/ext/pdf/pdf.c @@ -2335,6 +2335,11 @@ PHP_FUNCTION(pdf_open_file) if (argc == 2) { convert_to_string_ex(arg2); filename = Z_STRVAL_PP(arg2); + + if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + pdf_file = PDF_open_file(pdf, filename); } else { /* open in memory */
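Review bot: The added check in pdf_open_file validates the path string, and PDF_open_file() then opens the same name itself on the next line, so the restriction holds only if the path resolves to the same file at both moments. A short comment would keep later readers from treating the check as a guarantee, for example `/* open_basedir/safe_mode are checked on the name; PDFlib opens the path itself afterwards */`. The cpdf.c hunks have the same check-then-open-by-name shape, and in cpdf_open the name is only stored by cpdf_setOutputFilename(), so the gap there may be longer. pdf_open_file's body starts and ends outside the hunk.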