From c8a366abc6a9649f260ef99c2cc02abfde3cf520 Mon Sep 17 00:00:00 2001 From: foobar Date: Thu, 3 Nov 2005 20:20:10 +0000 Subject: [PATCH] MFH: added missing safe-mode checks --- ext/gd/gd.c | 19 +++++-------------- ext/gd/gd_ctx.c | 5 +---- ext/gd/php_gd.h | 9 +++++++++ 3 files changed, 15 insertions(+), 18 deletions(-) diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 32ca5daee7..c1b7139aeb 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -623,7 +623,7 @@ PHP_FUNCTION(imageloadfont) convert_to_string_ex(file); - stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL); if (stream == NULL) { RETURN_FALSE; } @@ -1440,7 +1440,7 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type, fn = Z_STRVAL_PP(file); - stream = php_stream_open_wrapper(fn, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); + stream = php_stream_open_wrapper(fn, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); if (stream == NULL) { RETURN_FALSE; } @@ -1648,10 +1648,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char } if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) { - if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn); - RETURN_FALSE; - } + PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename"); fp = VCWD_FOPEN(fn, "wb"); if (!fp) { @@ -3746,16 +3743,10 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type ) } /* Check origin file */ - if (!fn_org || fn_org == empty_string || php_check_open_basedir(fn_org TSRMLS_CC)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid origin filename '%s'", fn_org); - RETURN_FALSE; - } + PHP_GD_CHECK_OPEN_BASEDIR(fn_org, "Invalid origin filename"); /* Check destination file */ - if (!fn_dest || fn_dest == empty_string || php_check_open_basedir(fn_dest TSRMLS_CC)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid destination filename '%s'", fn_dest); - RETURN_FALSE; - } + PHP_GD_CHECK_OPEN_BASEDIR(fn_dest, "Invalid destination filename"); /* Open origin file */ org = VCWD_FOPEN(fn_org, "rb"); diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c index 4870138aec..f19774eef9 100644 --- a/ext/gd/gd_ctx.c +++ b/ext/gd/gd_ctx.c @@ -73,10 +73,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type, } if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) { - if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn); - RETURN_FALSE; - } + PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename"); fp = VCWD_FOPEN(fn, "wb"); if (!fp) { diff --git a/ext/gd/php_gd.h b/ext/gd/php_gd.h index 2c9896ccf2..628d745a6a 100644 --- a/ext/gd/php_gd.h +++ b/ext/gd/php_gd.h @@ -30,6 +30,15 @@ #if HAVE_LIBGD +/* open_basedir and safe_mode checks */ +#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \ + if (!filename || filename == empty_string || php_check_open_basedir(filename TSRMLS_CC) || \ + (PG(safe_mode) && !php_checkuid(filename, "rb+", CHECKUID_CHECK_FILE_AND_DIR)) \ + ) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \ + RETURN_FALSE; \ + } + #define PHP_GDIMG_TYPE_GIF 1 #define PHP_GDIMG_TYPE_PNG 2 #define PHP_GDIMG_TYPE_JPG 3 -- 2.40.0