From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 2 Nov 2004 00:37:55 +0000 (+0000)
Subject: MFH: Fixed open_basedir & safe_mode bypass inside readlink() function.
X-Git-Tag: php-5.0.3RC1~99
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e79de46f3cc894b465d09f9346745a200cb7150a;p=php

MFH: Fixed open_basedir & safe_mode bypass inside readlink() function.
---

diff --git a/ext/standard/link.c b/ext/standard/link.c
index 42ab3d8d25..f809a70c33 100644
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -65,6 +65,14 @@ PHP_FUNCTION(readlink)
 	}
 	convert_to_string_ex(filename);
 
+	if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	ret = readlink(Z_STRVAL_PP(filename), buff, MAXPATHLEN-1);
 
 	if (ret == -1) {