From: Felipe Pena Date: Mon, 21 Jul 2008 19:32:21 +0000 (+0000) Subject: - Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666. X-Git-Tag: php-5.3.0alpha1~228 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dab8b811c28a1f9f45c7db717bf890dc9d9db97a;p=php - Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666. (patch by Christian Hoffmann) --- diff --git a/main/safe_mode.c b/main/safe_mode.c index b791351c3b..d9d1a4f02b 100644 --- a/main/safe_mode.c +++ b/main/safe_mode.c @@ -73,14 +73,6 @@ PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mod mode = CHECKUID_CHECK_FILE_AND_DIR; } } - - /* - * If given filepath is a URL, allow - safe mode stuff - * related to URL's is checked in individual functions - */ - wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC); - if (wrapper != NULL) - return 1; /* First we see if the file is owned by the same user... * If that fails, passthrough and check directory...