From: Greg Beaver <cellog@php.net>
Date: Sun, 27 Apr 2008 23:59:41 +0000 (+0000)
Subject: add open_basedir/safe_mode checks for files in Phar::addFile()
X-Git-Tag: RELEASE_2_0_0b1~170
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5da6c48f7d698e172b762b6d41955bcefdc3b7f6;p=php

add open_basedir/safe_mode checks for files in Phar::addFile()
---

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index ac89a3ed42..fb1c1ff1b7 100755
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -3244,6 +3244,18 @@ PHP_METHOD(Phar, addFile)
 		return;
 	}
 
+#if PHP_MAJOR_VERSION < 6
+	if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
+		zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive, safe_mode restrictions prevent this", fname);
+		return;
+	}
+#endif
+
+	if (!strstr(fname, "://") && php_check_open_basedir(fname TSRMLS_CC)) {
+		zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive, open_basedir restrictions prevent this", fname);
+		return;
+	}
+
 	if (!(resource = php_stream_open_wrapper(fname, "rb", 0, NULL))) {
 		zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, "phar error: unable to open file \"%s\" to add to phar archive", fname);
 		return;