From: Ilia Alshanetsky
Date: Wed, 5 Oct 2005 14:32:19 +0000 (+0000)
Subject: Missing safe_mode/open_basedir checks for file uploads.
X-Git-Tag: RELEASE_0_9_1~250
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f10effd288424306993003947a92579b96f27a6f;p=php
Missing safe_mode/open_basedir checks for file uploads.
---
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index e5f1fb8300..5da8efb96b 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -1152,10 +1152,15 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 * must be explicitly cast to long in curl_formadd
 * use since curl needs a long not an int. */
 if (*postval == '@') {
+ ++postval;
+ /* safe_mode / open_basedir check */
+ if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 error = curl_formadd(&first, &last,
 CURLFORM_COPYNAME, string_key,
 CURLFORM_NAMELENGTH, (long)string_key_len - 1,
- CURLFORM_FILE, ++postval,
+ CURLFORM_FILE, postval,
 CURLFORM_END);
 } else {
 error = curl_formadd(&first, &last,
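Review bot: The early exit added for a rejected `@` path uses `RETURN_FALSE` inside `_php_curl_setopt`, which the hunk header shows is declared `static int`. If that macro expands to a bare `return;`, as it does in the Zend API, the caller reads an indeterminate result on exactly the path where the open_basedir/safe_mode check denied the file. The exit also appears to leave whatever earlier `curl_formadd` calls have linked onto `first` unreleased, assuming other fields were added before this one. Something like `curl_formfree(first); RETVAL_FALSE; return 1;` (with whatever value this function uses for failure) would make the denial explicit and avoid the leak. The function body starts and ends outside the hunk, so the return convention needs confirming against the rest of the file.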