From cd88ac738b82c9d72b7a9e72891de28aece20dfc Mon Sep 17 00:00:00 2001
From: Dan Kalowsky
Date: Fri, 15 Feb 2002 17:24:44 +0000
Subject: [PATCH] fix for bug 15516, patch submitted by torben@php.net

---
 ext/odbc/php_odbc.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c
index dddf743ab5..949a3e08b7 100644
--- a/ext/odbc/php_odbc.c
+++ b/ext/odbc/php_odbc.c
@@ -943,10 +943,21 @@ PHP_FUNCTION(odbc_execute)
 else
 ctype = SQL_C_CHAR;
 
- if (Z_STRVAL_PP(tmp)[0] == '\'' &&
+ if (Z_STRLEN_PP(tmp) > 2 &&
+ Z_STRVAL_PP(tmp)[0] == '\'' &&
 Z_STRVAL_PP(tmp)[Z_STRLEN_PP(tmp) - 1] == '\'') {
- filename = &Z_STRVAL_PP(tmp)[1];
- filename[Z_STRLEN_PP(tmp) - 2] = '\0';
+ filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2);
+ filename[strlen(filename)] = '\0';
+
+ /* Check for safe mode. */
+ if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ RETURN_FALSE;
+ }
+
+ /* Check the basedir */
+ if (php_check_open_basedir(filename TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
 
 if ((params[i-1].fp = open(filename,O_RDONLY)) == -1) {
 php_error(E_WARNING,"Can't open file %s", filename);
@@ -957,9 +968,12 @@ PHP_FUNCTION(odbc_execute)
 }
 }
 efree(params);
+ efree(filename);
 RETURN_FALSE;
 }
 
+ efree(filename);
+
 params[i-1].vallen = SQL_LEN_DATA_AT_EXEC(0);
 
 rc = SQLBindParameter(result->stmt, (UWORD)i, SQL_PARAM_INPUT,
-- 
2.40.0
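Review bot: The two new `RETURN_FALSE;` exits after `php_checkuid()` and `php_check_open_basedir()` in the first hunk return without releasing `filename` or `params`, whereas the `open()` failure branch visible in the second hunk calls `efree(params); efree(filename);` before returning. Each rejection branch should begin with `efree(filename);` and then run the same cleanup as the `open()` failure path; if earlier loop iterations already stored descriptors in `params[...].fp`, those presumably need closing as well, since a descriptor is not request-allocated memory, but that part of `odbc_execute` lies outside the hunk. Separately, `filename[strlen(filename)] = '\0';` only overwrites the terminator that `estrndup()` already wrote and can be dropped. The access checks and the later `open()` resolve the path at different moments, so a one-line comment above them noting that they are policy checks rather than an atomic guarantee would help the next reader.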