From 984b48b009e07e2bbef23fc4437e0d7fc8deffe9 Mon Sep 17 00:00:00 2001
From: Stefan Esser <sesser@php.net>
Date: Sun, 16 Jun 2002 21:24:15 +0000
Subject: [PATCH] Fixed Bug #17790

- link and symlink now check uid and open_base_dir for link and its target
---
 ext/standard/link.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/ext/standard/link.c b/ext/standard/link.c
index 257d765909..23036067e7 100644
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -114,6 +114,18 @@ PHP_FUNCTION(symlink)
 		RETURN_FALSE;
 	}
 
+	if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(frompath), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(topath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(frompath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	if (!strncasecmp(Z_STRVAL_PP(topath), "http://", 7) || !strncasecmp(Z_STRVAL_PP(topath), "ftp://", 6)) {
 		php_error(E_WARNING, "Unable to symlink to a URL");
 		RETURN_FALSE;
@@ -146,6 +158,18 @@ PHP_FUNCTION(link)
 		RETURN_FALSE;
 	}
 
+	if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(frompath), NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(topath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(frompath) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	if (!strncasecmp(Z_STRVAL_PP(topath), "http://", 7) || !strncasecmp(Z_STRVAL_PP(topath), "ftp://", 6)) {
 		php_error(E_WARNING, "Unable to link to a URL");
 		RETURN_FALSE;
-- 
2.50.1