From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 6 Oct 2005 20:47:41 +0000 (+0000)
Subject: MFH: Added missing safe_mode checks.
X-Git-Tag: php-5.1.0RC2~87
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=71bd44ac02ae0c3fdf719b3d5f1deaf8b789ad89;p=php

MFH: Added missing safe_mode checks.
---

diff --git a/NEWS b/NEWS
index 785c56f1e9..184e1f4c37 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,7 @@ PHP                                                                        NEWS
   . ext/oracle (Jani, Derick)
   . ext/ovrimos (Jani, Derick, Pierre)
   . ext/pfpro (Jani, Derick, Pierre)
+- Added missing safe_mode checks for image* functions and cURL. (Ilia)
 - Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
 - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
 - Fixed potential GLOBALS overwrite via import_request_variables() and
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index e7091d87d2..2c0865eabf 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -65,7 +65,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
 #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
 
 #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)													\
-	if (PG(open_basedir) && *PG(open_basedir) &&                                                \
+	if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&                                                \
 	    strncasecmp(str, "file://", sizeof("file://") - 1) == 0)								\
 	{ 																							\
 		php_url *tmp_url; 																		\
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 9230190a9a..96dba7ff5c 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -1723,7 +1723,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
 	}
 
 	if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-		if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
+		if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
 			RETURN_FALSE;
 		}
diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c
index bf7355cb2d..99cf87a170 100644
--- a/ext/gd/gd_ctx.c
+++ b/ext/gd/gd_ctx.c
@@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
 	}
 
 	if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-		if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
+		if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
 			RETURN_FALSE;
 		}