From: Stefan Esser <sesser@php.net>
Date: Sun, 16 Jun 2002 21:24:15 +0000 (+0000)
Subject: Fixed Bug #17790
X-Git-Tag: php-4.3.0dev_zend2_alpha2~237
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=984b48b009e07e2bbef23fc4437e0d7fc8deffe9;p=php

Fixed Bug #17790

- link and symlink now check uid and open_base_dir for link and its target
---

diff --git a/ext/standard/link.c b/ext/standard/link.c
index 257d765909..23036067e7 100644
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -114,6 +114,18 @@ PHP_FUNCTION(symlink)
 		RETURN_FALSE;
 	}
 
+	if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(frompath), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(topath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(frompath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	if (!strncasecmp(Z_STRVAL_PP(topath), "http://", 7) || !strncasecmp(Z_STRVAL_PP(topath), "ftp://", 6)) {
 		php_error(E_WARNING, "Unable to symlink to a URL");
 		RETURN_FALSE;
@@ -146,6 +158,18 @@ PHP_FUNCTION(link)
 		RETURN_FALSE;
 	}
 
+	if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(frompath), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(topath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(frompath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	if (!strncasecmp(Z_STRVAL_PP(topath), "http://", 7) || !strncasecmp(Z_STRVAL_PP(topath), "ftp://", 6)) {
 		php_error(E_WARNING, "Unable to link to a URL");
 		RETURN_FALSE;