From 6139a2c8cecd021790ee839c5697c614b1cc9a5c Mon Sep 17 00:00:00 2001 From: Andi Gutmans Date: Wed, 1 Nov 2000 18:05:27 +0000 Subject: [PATCH] - Define the different possible modes for readibility and use in the rest - of PHP --- main/safe_mode.c | 78 +++++++++++++++++++++++++++--------------------- main/safe_mode.h | 6 ++++ 2 files changed, 50 insertions(+), 34 deletions(-) diff --git a/main/safe_mode.c b/main/safe_mode.c index 9425130aa3..1a11decc69 100644 --- a/main/safe_mode.c +++ b/main/safe_mode.c @@ -30,6 +30,7 @@ #include "safe_mode.h" #include "SAPI.h" + /* * php_checkuid * @@ -40,20 +41,23 @@ * 2 - if file does not exist, check directory * 3 - only check directory (needed for mkdir) */ -PHPAPI int php_checkuid(const char *fn, char *fopen_mode, int mode) + +PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) { struct stat sb; int ret; long uid=0L, duid=0L; char *s; - if (!fn) return(0); /* path must be provided */ + if (!filename) { + return 0; /* path must be provided */ + } if (fopen_mode) { if (fopen_mode[0] == 'r') { - mode = 0; + mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS; } else { - mode = 2; + mode = CHECKUID_CHECK_FILE_AND_DIR; } } @@ -61,58 +65,64 @@ PHPAPI int php_checkuid(const char *fn, char *fopen_mode, int mode) * If given filepath is a URL, allow - safe mode stuff * related to URL's is checked in individual functions */ - if (!strncasecmp(fn,"http://",7) || !strncasecmp(fn,"ftp://",6)) { - return(1); + if (!strncasecmp(filename,"http://",7) || !strncasecmp(filename,"ftp://",6)) { + return 1; } - if (mode<3) { - ret = V_STAT(fn,&sb); - if (ret<0 && mode < 2) { - php_error(E_WARNING,"Unable to access %s",fn); - return(mode); - } - if (ret>-1) { - uid=sb.st_uid; - if (uid==php_getuid()) return(1); + if (mode != CHECKUID_ALLOW_ONLY_DIR) { + ret = V_STAT(filename, &sb); + if (ret < 0) { + if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) { + php_error(E_WARNING, "Unable to access %s", filename); + return 0; + } else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) + php_error(E_WARNING, "Unable to access %s", filename);{ + return 1; + } + } else { + uid = sb.st_uid; + if (uid == php_getuid()) { + return 1; + } } } - s = strrchr(fn,'/'); + s = strrchr(filename,'/'); /* This loop gets rid of trailing slashes which could otherwise be * used to confuse the function. */ - while(s && *(s+1)=='\0' && s>fn) { + while(s && *(s+1)=='\0' && s>filename) { *s='\0'; - s = strrchr(fn,'/'); + s = strrchr(filename,'/'); } if (s) { *s='\0'; - ret = V_STAT(fn,&sb); + ret = V_STAT(filename, &sb); *s='/'; - if (ret<0) { - php_error(E_WARNING, "Unable to access %s",fn); - return(0); + if (ret < 0) { + php_error(E_WARNING, "Unable to access %s", filename); + return 0; } duid = sb.st_uid; } else { - s = emalloc(MAXPATHLEN+1); - if (!V_GETCWD(s,MAXPATHLEN)) { + char cwd[MAXPATHLEN+1]; + if (!V_GETCWD(cwd, MAXPATHLEN)) { php_error(E_WARNING, "Unable to access current working directory"); - return(0); + return 0; } - ret = V_STAT(s,&sb); - efree(s); - if (ret<0) { - php_error(E_WARNING, "Unable to access %s",s); - return(0); + ret = V_STAT(cwd, &sb); + if (ret < 0) { + php_error(E_WARNING, "Unable to access %s", cwd); + return 0; } duid = sb.st_uid; } - if (duid == (uid=php_getuid())) return(1); - else { - php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld",uid,fn,duid); - return(0); + if (duid == (uid=php_getuid())) { + return 1; + } else { + php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", uid, filename, duid); + return 0; } } diff --git a/main/safe_mode.h b/main/safe_mode.h index 25eba90c4f..d34f7dc911 100644 --- a/main/safe_mode.h +++ b/main/safe_mode.h @@ -1,6 +1,12 @@ #ifndef SAFE_MODE_H #define SAFE_MODE_H +/* mode's for php_checkuid() */ +#define CHECKUID_DISALLOW_FILE_NOT_EXISTS 0 +#define CHECKUID_ALLOW_FILE_NOT_EXISTS 1 +#define CHECKUID_CHECK_FILE_AND_DIR 2 +#define CHECKUID_ALLOW_ONLY_DIR 3 + extern PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode); extern PHPAPI char *php_get_current_user(void); -- 2.50.1