From: Sara Golemon
Date: Sat, 17 May 2003 04:20:12 +0000 (+0000)
Subject: Bug #14369. ftp extension allows circumvention of safe_mode restrictions
X-Git-Tag: BEFORE_FD_REVERT~58
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bab2866e213767bbd712b51733fd19153978f3b9;p=php
Bug #14369. ftp extension allows circumvention of safe_mode restrictions
---
diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c
index e6de1d548f..b125fa98db 100644
--- a/ext/ftp/php_ftp.c
+++ b/ext/ftp/php_ftp.c
@@ -598,9 +598,19 @@ PHP_FUNCTION(ftp_get)
 resumepos = 0;
 }
+ if (php_check_open_basedir(local TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+
 if (ftp->autoseek && resumepos) {
+ if (PG(safe_mode) && (!php_checkuid(local, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "rb+", NULL);
 if (outstream == NULL) {
+ if (PG(safe_mode) && (!php_checkuid(local, "wb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "wb", NULL);
 }
 if (outstream != NULL) {
@@ -613,6 +623,9 @@ PHP_FUNCTION(ftp_get)
 }
 }
 } else {
+ if (PG(safe_mode) && (!php_checkuid(local, "wb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "wb", NULL);
 }
@@ -656,9 +669,19 @@ PHP_FUNCTION(ftp_nb_get)
 resumepos = 0;
 }
+ if (php_check_open_basedir(local TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+
 if (ftp->autoseek && resumepos) {
+ if (PG(safe_mode) && (!php_checkuid(local, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "rb+", NULL);
 if (outstream == NULL) {
+ if (PG(safe_mode) && (!php_checkuid(local, "wb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "wb", NULL);
 }
 if (outstream != NULL) {
@@ -671,6 +694,9 @@ PHP_FUNCTION(ftp_nb_get)
 }
 }
 } else {
+ if (PG(safe_mode) && (!php_checkuid(local, "wb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "wb", NULL);
 }
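Review bot: In the autoseek branch of the first ftp_get hunk the added `rb+` check returns FALSE before the existing `wb` fallback is reached, so under safe_mode a resume request for a local file that does not exist yet may now fail where it used to create the file. That depends on php_checkuid rejecting a read-mode check on a missing file, which is not visible here and should be confirmed. If it does, let the check gate the first open instead of returning, `if (!PG(safe_mode) || php_checkuid(local, "rb+", CHECKUID_CHECK_MODE_PARAM)) { outstream = php_stream_fopen(local, "rb+", NULL); }`, which needs `outstream` to start as NULL; the `wb` check that follows still fails closed. The ftp_nb_get hunk at -656 has the same sequence, and both functions start and end outside their hunks.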
@@ -852,6 +878,13 @@ PHP_FUNCTION(ftp_put)
 ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
 XTYPE(xtype, mode);
+ if (php_check_open_basedir(local TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+ if (PG(safe_mode) && (!php_checkuid(local, "rb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
 instream = php_stream_fopen(local, "rb", NULL);
 if (instream == NULL) {
@@ -907,6 +940,13 @@ PHP_FUNCTION(ftp_nb_put)
 ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
 XTYPE(xtype, mode);
+ if (php_check_open_basedir(local TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+ if (PG(safe_mode) && (!php_checkuid(local, "rb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
 instream = php_stream_fopen(local, "rb", NULL);
 if (instream == NULL) {
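Review bot: The guard pair added before `php_stream_fopen(local, "rb", NULL)` in ftp_put writes the mode string once in the check and once in the open, and the same pair is hand-copied in the ftp_nb_put hunk and at the four ftp_get / ftp_nb_get open sites, so a later edit that changes one mode or adds another open of `local` can leave a path unchecked. A small static helper that takes the path and mode once, runs both checks and then opens would keep the check and the open in step. A failed check would then reach the existing `if (instream == NULL)` branch, whose body is outside the hunk, so confirm its message still fits that case. ftp_put and ftp_nb_put both start and end outside their hunks.

```c
/* Open a script-supplied local path only after open_basedir and safe_mode allow it. */
static php_stream *ftp_open_local(char *local, char *mode TSRMLS_DC)
{
	if (php_check_open_basedir(local TSRMLS_CC)) {
		return NULL;
	}
	if (PG(safe_mode) && (!php_checkuid(local, mode, CHECKUID_CHECK_MODE_PARAM))) {
		return NULL;
	}
	return php_stream_fopen(local, mode, NULL);
}

/* … unchanged: ZEND_FETCH_RESOURCE and XTYPE … */
	instream = ftp_open_local(local, "rb" TSRMLS_CC);
	if (instream == NULL) {
```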