From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 25 Nov 2003 16:05:18 +0000 (+0000)
Subject: Replace fopen() inside domxml_xslt_process() with streams code to prevent
X-Git-Tag: php-4.3.5RC1~172
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bbbf8effb4bfaa6f3487f804f42be041dbb2d3ea;p=php

Replace fopen() inside domxml_xslt_process() with streams code to prevent
a possible crash and enforce safe_mode & open_basedir restrictions.

Revert workaround for bug #26384, which is due to a bug in libxslt.
Christian will commit a better workaround shortly.
---

diff --git a/ext/domxml/php_domxml.c b/ext/domxml/php_domxml.c
index a741b50ea8..9295bfdf7e 100644
--- a/ext/domxml/php_domxml.c
+++ b/ext/domxml/php_domxml.c
@@ -729,6 +729,7 @@ static void php_free_xml_doc(zend_rsrc_list_entry *rsrc TSRMLS_DC)
 	xmlDoc *doc = (xmlDoc *) rsrc->ptr;
 
 	if (doc) {
+		node_list_wrapper_dtor(doc->children, 1 TSRMLS_CC);
 		node_wrapper_dtor((xmlNodePtr) doc);
 		xmlFreeDoc(doc);
 	}
@@ -5383,6 +5384,7 @@ PHP_FUNCTION(domxml_xslt_process)
 	int ret, clone = 0;
 	char *filename;
 	int filename_len = 0;
+	FILE *f;
 
 	DOMXML_GET_THIS(idxsl);
 
@@ -5396,6 +5398,10 @@ PHP_FUNCTION(domxml_xslt_process)
 		RETURN_FALSE;
 	}
 
+	if (filename_len && !(f = php_stream_open_wrapper_as_file(filename, "w", ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL))) {
+		RETURN_FALSE;
+	}
+
 	DOMXML_GET_OBJ(xmldocp, idxml, le_domxmldocp);
 
 	if (idparams) {
@@ -5407,8 +5413,6 @@ PHP_FUNCTION(domxml_xslt_process)
 	}
 
 	if (filename_len) {
-		FILE *f;
-		f = fopen (filename,"w");
 		docp = xsltProfileStylesheet(xsltstp, xmldocp, (const char**)params, f);
 		fclose(f);
 	} else {