From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 2 Nov 2004 00:38:07 +0000 (+0000)
Subject: MFH: Fixed open_basedir & safe_mode bypass inside readlink() function.
X-Git-Tag: php-4.3.10RC1~33
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e0fc58c29f35530e12314c2548db79a77edfd87c;p=php

MFH: Fixed open_basedir & safe_mode bypass inside readlink() function.
---

diff --git a/ext/standard/link.c b/ext/standard/link.c
index b70e9e68bf..5dde068b67 100644
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -65,6 +65,14 @@ PHP_FUNCTION(readlink)
 	}
 	convert_to_string_ex(filename);
 
+	if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	ret = readlink(Z_STRVAL_PP(filename), buff, MAXPATHLEN-1);
 
 	if (ret == -1) {