From e94e25e62123385393b8221088cb765305cd0d0e Mon Sep 17 00:00:00 2001 From: Andi Gutmans Date: Sun, 19 Feb 2006 00:55:22 +0000 Subject: [PATCH] Start nuking safe_mode. Still a lot of work to do... --- ext/com_dotnet/com_persist.c | 9 +-------- ext/curl/interface.c | 11 +++++------ ext/dbase/dbase.c | 8 -------- ext/fdf/fdf.c | 14 +++++++------- ext/filepro/filepro.c | 12 ------------ ext/gd/php_gd.h | 3 +-- ext/ming/ming.c | 2 +- ext/oci8/oci8_interface.c | 10 ---------- ext/oci8/oci8_lob.c | 2 +- ext/odbc/php_odbc.c | 7 ------- ext/openssl/openssl.c | 5 +---- ext/pdo_sqlite/sqlite_driver.c | 9 ++------- ext/pgsql/pgsql.c | 8 -------- ext/posix/posix.c | 10 ++-------- ext/pspell/pspell.c | 12 ------------ ext/session/session.c | 4 ---- ext/sqlite/pdo_sqlite2.c | 7 +------ ext/sqlite/sess_sqlite.c | 1 - ext/sqlite/sqlite.c | 32 +++----------------------------- ext/standard/basic_functions.c | 18 +++--------------- ext/standard/dir.c | 7 +------ ext/standard/file.c | 4 ---- ext/standard/filestat.c | 16 ---------------- ext/standard/link.c | 20 -------------------- ext/tidy/tidy.c | 8 ++++---- 25 files changed, 33 insertions(+), 206 deletions(-) diff --git a/ext/com_dotnet/com_persist.c b/ext/com_dotnet/com_persist.c index c1c71fcf4e..b8c438df51 100755 --- a/ext/com_dotnet/com_persist.c +++ b/ext/com_dotnet/com_persist.c @@ -390,10 +390,6 @@ CPH_METHOD(SaveToFile) if (filename) { fullpath = expand_filepath(filename, NULL TSRMLS_CC); - - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } if (php_check_open_basedir(fullpath TSRMLS_CC)) { RETURN_FALSE; @@ -454,11 +450,8 @@ CPH_METHOD(LoadFromFile) fullpath = expand_filepath(filename, NULL TSRMLS_CC); - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { + efree(fullpath); RETURN_FALSE; } diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 5a4706fb6a..032c4a85f3 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -157,8 +157,8 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC); #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v); #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \ - if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \ - strncasecmp(str, "file:", sizeof("file:") - 1) == 0) \ + if (((PG(open_basedir) && *PG(open_basedir))) && \ + strncasecmp(str, "file:", sizeof("file:") - 1) == 0) \ { \ php_url *tmp_url; \ \ @@ -167,8 +167,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC); RETURN_FALSE; \ } \ \ - if (tmp_url->query || tmp_url->fragment || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ - (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM)) \ + if (tmp_url->query || tmp_url->fragment || php_check_open_basedir(tmp_url->path TSRMLS_CC)) \ ) { \ php_url_free(tmp_url); \ RETURN_FALSE; \ @@ -1283,7 +1282,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu if (*postval == '@') { ++postval; /* safe_mode / open_basedir check */ - if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(postval TSRMLS_CC)) { RETURN_FALSE; } error = curl_formadd(&first, &last, @@ -1369,7 +1368,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu convert_to_string_ex(zvalue); - if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/dbase/dbase.c b/ext/dbase/dbase.c index f7452baea0..5d4b0f3762 100644 --- a/ext/dbase/dbase.c +++ b/ext/dbase/dbase.c @@ -134,10 +134,6 @@ PHP_FUNCTION(dbase_open) RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(dbf_name), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(Z_STRVAL_PP(dbf_name) TSRMLS_CC)) { RETURN_FALSE; } @@ -590,10 +586,6 @@ PHP_FUNCTION(dbase_create) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Expected array as second parameter"); RETURN_FALSE; } - - if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { RETURN_FALSE; diff --git a/ext/fdf/fdf.c b/ext/fdf/fdf.c index 7ca4f5f99b..8e5bd7a846 100644 --- a/ext/fdf/fdf.c +++ b/ext/fdf/fdf.c @@ -239,7 +239,7 @@ PHP_FUNCTION(fdf_open) convert_to_string_ex(file); - if (php_check_open_basedir(Z_STRVAL_PP(file) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(file), "wb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(Z_STRVAL_PP(file) TSRMLS_CC)) { RETURN_FALSE; } @@ -530,7 +530,7 @@ PHP_FUNCTION(fdf_set_ap) convert_to_long_ex(face); convert_to_string_ex(filename); - if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), "wb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { RETURN_FALSE; } @@ -585,7 +585,7 @@ PHP_FUNCTION(fdf_get_ap) { ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf); - if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } @@ -725,7 +725,7 @@ PHP_FUNCTION(fdf_set_file) return; } - if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } @@ -802,7 +802,7 @@ PHP_FUNCTION(fdf_save) ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf); if(filename) { - if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } err = FDFSave(fdf, filename); @@ -922,7 +922,7 @@ PHP_FUNCTION(fdf_add_template) convert_to_string_ex(template); convert_to_long_ex(rename); - if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), "wb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { RETURN_FALSE; } @@ -1492,7 +1492,7 @@ PHP_FUNCTION(fdf_get_attachment) { ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf); - if (php_check_open_basedir(savepath TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(savepath, "wb+", CHECKUID_CHECK_MODE_PARAM))) { + if (php_check_open_basedir(savepath TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/filepro/filepro.c b/ext/filepro/filepro.c index 0f45eea44d..d03baf21f0 100644 --- a/ext/filepro/filepro.c +++ b/ext/filepro/filepro.c @@ -268,10 +268,6 @@ PHP_FUNCTION(filepro) snprintf(workbuf, sizeof(workbuf), "%s/map", Z_STRVAL_PP(dir)); - if (PG(safe_mode) && (!php_checkuid(workbuf, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(workbuf TSRMLS_CC)) { RETURN_FALSE; } @@ -362,10 +358,6 @@ PHP_FUNCTION(filepro_rowcount) /* Now read the records in, moving forward recsize-1 bytes each time */ snprintf(workbuf, sizeof(workbuf), "%s/key", FP_GLOBAL(fp_database)); - if (PG(safe_mode) && (!php_checkuid(workbuf, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(workbuf TSRMLS_CC)) { RETURN_FALSE; } @@ -574,10 +566,6 @@ PHP_FUNCTION(filepro_retrieve) /* Now read the record in */ snprintf(workbuf, sizeof(workbuf), "%s/key", FP_GLOBAL(fp_database)); - if (PG(safe_mode) && (!php_checkuid(workbuf, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(workbuf TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/gd/php_gd.h b/ext/gd/php_gd.h index df3046f9fb..a4ebc4aee9 100644 --- a/ext/gd/php_gd.h +++ b/ext/gd/php_gd.h @@ -32,8 +32,7 @@ /* open_basedir and safe_mode checks */ #define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \ - if (!filename || php_check_open_basedir(filename TSRMLS_CC) || \ - (PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR)) \ + if (!filename || php_check_open_basedir(filename TSRMLS_CC)) \ ) { \ php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \ RETURN_FALSE; \ diff --git a/ext/ming/ming.c b/ext/ming/ming.c index 87a394aad5..5cad69f83b 100644 --- a/ext/ming/ming.c +++ b/ext/ming/ming.c @@ -79,7 +79,7 @@ static SWFPrebuiltClip getPrebuiltClip(zval *id TSRMLS_DC); #endif #define PHP_MING_FILE_CHK(file) \ - if ((PG(safe_mode) && !php_checkuid((file), NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir((file) TSRMLS_CC)) { \ + if (php_check_open_basedir((file) TSRMLS_CC)) { \ RETURN_FALSE; \ } \ diff --git a/ext/oci8/oci8_interface.c b/ext/oci8/oci8_interface.c index a6a039f30d..4221c7459e 100644 --- a/ext/oci8/oci8_interface.c +++ b/ext/oci8/oci8_interface.c @@ -909,10 +909,6 @@ PHP_FUNCTION(oci_lob_export) RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(filename TSRMLS_CC)) { RETURN_FALSE; } @@ -1680,12 +1676,6 @@ PHP_FUNCTION(oci_password_change) int user_len, pass_old_len, pass_new_len, dbname_len; php_oci_connection *connection; - /* Disable in Safe Mode */ - if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "is disabled in Safe Mode"); - RETURN_FALSE; - } - if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rsss", &z_connection, &user, &user_len, &pass_old, &pass_old_len, &pass_new, &pass_new_len) == SUCCESS) { PHP_OCI_ZVAL_TO_CONNECTION(z_connection, connection); diff --git a/ext/oci8/oci8_lob.c b/ext/oci8/oci8_lob.c index 11e29f6d00..7bcad851b1 100644 --- a/ext/oci8/oci8_lob.c +++ b/ext/oci8/oci8_lob.c @@ -504,7 +504,7 @@ int php_oci_lob_import (php_oci_descriptor *descriptor, char *filename TSRMLS_DC char buf[8192]; ub4 offset = 1; - if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { + if (php_check_open_basedir(filename TSRMLS_CC)) { return 1; } diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c index 518d3bae76..17285cf10d 100644 --- a/ext/odbc/php_odbc.c +++ b/ext/odbc/php_odbc.c @@ -1017,13 +1017,6 @@ PHP_FUNCTION(odbc_execute) filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2); filename[strlen(filename)] = '\0'; - /* Check for safe mode. */ - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(filename); - efree(params); - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(filename TSRMLS_CC)) { efree(filename); diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 3580118186..40f4a70caa 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -179,12 +179,9 @@ static void php_csr_free(zend_rsrc_list_entry *rsrc TSRMLS_DC) } /* }}} */ -/* {{{ openssl safe_mode & open_basedir checks */ +/* {{{ openssl open_basedir checks */ inline static int php_openssl_safe_mode_chk(char *filename TSRMLS_DC) { - if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return -1; - } if (php_check_open_basedir(filename TSRMLS_CC)) { return -1; } diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c index 4befc226d4..bf83da6793 100644 --- a/ext/pdo_sqlite/sqlite_driver.c +++ b/ext/pdo_sqlite/sqlite_driver.c @@ -677,11 +677,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) if (strncmp(filename, ":memory:", sizeof(":memory:")-1)) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(fullpath); - return NULL; - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); return NULL; @@ -739,7 +734,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS if (!filename) { zend_throw_exception_ex(php_pdo_get_exception(TSRMLS_C), 0 TSRMLS_CC, - "safe_mode/open_basedir prohibits opening %s", + "open_basedir prohibits opening %s", dbh->data_source); goto cleanup; } @@ -752,7 +747,7 @@ static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS goto cleanup; } - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + if ((PG(open_basedir) && *PG(open_basedir))) { sqlite3_set_authorizer(H->db, authorizer, NULL); } diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 2c5951dc71..4085405dad 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -2808,10 +2808,6 @@ PHP_FUNCTION(pg_lo_import) WRONG_PARAM_COUNT; } - if (PG(safe_mode) &&(!php_checkuid(file_in, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(file_in TSRMLS_CC)) { RETURN_FALSE; } @@ -2906,10 +2902,6 @@ PHP_FUNCTION(pg_lo_export) RETURN_FALSE; } - if (PG(safe_mode) &&(!php_checkuid(file_out, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(file_out TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/posix/posix.c b/ext/posix/posix.c index edbc561ec1..1e7cd9bbdc 100644 --- a/ext/posix/posix.c +++ b/ext/posix/posix.c @@ -653,10 +653,6 @@ PHP_FUNCTION(posix_mkfifo) RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR))) { - RETURN_FALSE; - } - result = mkfifo(path, mode); if (result < 0) { POSIX_G(last_error) = errno; @@ -687,8 +683,7 @@ PHP_FUNCTION(posix_mknod) RETURN_FALSE; } - if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || - (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) { + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) { RETURN_FALSE; } @@ -767,8 +762,7 @@ PHP_FUNCTION(posix_access) path = expand_filepath(filename, NULL TSRMLS_CC); - if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) || - (PG(safe_mode) && (!php_checkuid_ex(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR, CHECKUID_NO_ERRORS)))) { + if (php_check_open_basedir_ex(path, 0 TSRMLS_CC)) { efree(path); POSIX_G(last_error) = EPERM; RETURN_FALSE; diff --git a/ext/pspell/pspell.c b/ext/pspell/pspell.c index 8936527298..881db9130d 100644 --- a/ext/pspell/pspell.c +++ b/ext/pspell/pspell.c @@ -281,10 +281,6 @@ PHP_FUNCTION(pspell_new_personal) convert_to_string_ex(personal); - if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(personal), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(Z_STRVAL_PP(personal) TSRMLS_CC)) { RETURN_FALSE; } @@ -782,10 +778,6 @@ static void pspell_config_path(INTERNAL_FUNCTION_PARAMETERS, char *option) convert_to_string_ex(value); - if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(value), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(Z_STRVAL_PP(value) TSRMLS_CC)) { RETURN_FALSE; } @@ -840,10 +832,6 @@ PHP_FUNCTION(pspell_config_repl) convert_to_string_ex(repl); - if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(repl), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(Z_STRVAL_PP(repl) TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/session/session.c b/ext/session/session.c index 35c1d21c45..04402cbb16 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -137,10 +137,6 @@ static PHP_INI_MH(OnUpdateSaveDir) { /* Only do the safemode/open_basedir check at runtime */ if (stage == PHP_INI_STAGE_RUNTIME) { - if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) { - return FAILURE; - } - if (php_check_open_basedir(new_value TSRMLS_CC)) { return FAILURE; } diff --git a/ext/sqlite/pdo_sqlite2.c b/ext/sqlite/pdo_sqlite2.c index 7d6ece8390..15a10de4c5 100644 --- a/ext/sqlite/pdo_sqlite2.c +++ b/ext/sqlite/pdo_sqlite2.c @@ -518,11 +518,6 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) if (strncmp(filename, ":memory:", sizeof(":memory:")-1)) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(fullpath); - return NULL; - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); return NULL; @@ -581,7 +576,7 @@ static int pdo_sqlite2_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRML if (!filename) { zend_throw_exception_ex(php_pdo_get_exception(TSRMLS_C), 0 TSRMLS_CC, - "safe_mode/open_basedir prohibits opening %s", + "open_basedir prohibits opening %s", dbh->data_source); goto cleanup; } diff --git a/ext/sqlite/sess_sqlite.c b/ext/sqlite/sess_sqlite.c index c68a2bd854..cf190bc4f8 100644 --- a/ext/sqlite/sess_sqlite.c +++ b/ext/sqlite/sess_sqlite.c @@ -42,7 +42,6 @@ PS_OPEN_FUNC(sqlite) char *errmsg = NULL; sqlite *db; - /* TODO: do we need a safe_mode check here? */ db = sqlite_open(save_path, 0666, &errmsg); if (db == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c index 5366d098b1..2d66a78937 100644 --- a/ext/sqlite/sqlite.c +++ b/ext/sqlite/sqlite.c @@ -728,10 +728,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg case SQLITE_COPY: if (strncmp(arg4, ":memory:", sizeof(":memory:") - 1)) { TSRMLS_FETCH(); - if (PG(safe_mode) && (!php_checkuid(arg4, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return SQLITE_DENY; - } - if (php_check_open_basedir(arg4 TSRMLS_CC)) { return SQLITE_DENY; } @@ -741,9 +737,6 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg case SQLITE_ATTACH: if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) { TSRMLS_FETCH(); - if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return SQLITE_DENY; - } if (php_check_open_basedir(arg3 TSRMLS_CC)) { return SQLITE_DENY; @@ -1183,10 +1176,10 @@ static struct php_sqlite_db *php_sqlite_open(char *filename, int mode, char *per * then fail with a busy status code */ sqlite_busy_timeout(sdb, 60000); - /* authorizer hook so we can enforce safe mode + /* authorizer hook so we can enforce open_basedir * Note: the declaration of php_sqlite_authorizer is correct for 2.8.2 of libsqlite, * and IS backwards binary compatible with earlier versions */ - if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { + if ((PG(open_basedir) && *PG(open_basedir))) { sqlite_set_authorizer(sdb, php_sqlite_authorizer, NULL); } @@ -1240,11 +1233,8 @@ PHP_FUNCTION(sqlite_popen) /* resolve the fully-qualified path name to use as the hash key */ fullpath = expand_filepath(filename, NULL TSRMLS_CC); - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { + efree(fullpath); RETURN_FALSE; } } else { @@ -1316,16 +1306,6 @@ PHP_FUNCTION(sqlite_open) /* resolve the fully-qualified path name to use as the hash key */ fullpath = expand_filepath(filename, NULL TSRMLS_CC); - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - php_std_error_handling(); - efree(fullpath); - if (object) { - RETURN_NULL(); - } else { - RETURN_FALSE; - } - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { php_std_error_handling(); efree(fullpath); @@ -1371,12 +1351,6 @@ PHP_FUNCTION(sqlite_factory) /* resolve the fully-qualified path name to use as the hash key */ fullpath = expand_filepath(filename, NULL TSRMLS_CC); - if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(fullpath); - php_std_error_handling(); - RETURN_NULL(); - } - if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); php_std_error_handling(); diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 02114c8da1..3451c26eba 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -2450,10 +2450,6 @@ PHP_FUNCTION(highlight_file) } convert_to_string(filename); - if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_P(filename), NULL, CHECKUID_ALLOW_ONLY_FILE))) { - RETURN_FALSE; - } - if (php_check_open_basedir(Z_STRVAL_P(filename) TSRMLS_CC)) { RETURN_FALSE; } @@ -2678,19 +2674,15 @@ PHP_FUNCTION(ini_set) #define _CHECK_PATH(var, ini) php_ini_check_path(Z_STRVAL_PP(var), Z_STRLEN_PP(var), ini, sizeof(ini)) - /* safe_mode & basedir check */ - if (PG(safe_mode) || PG(open_basedir)) { + /* basedir check */ + if (PG(open_basedir)) { if (_CHECK_PATH(varname, "error_log") || _CHECK_PATH(varname, "java.class.path") || _CHECK_PATH(varname, "java.home") || _CHECK_PATH(varname, "java.library.path") || _CHECK_PATH(varname, "session.save_path") || _CHECK_PATH(varname, "vpopmail.directory")) { - if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(new_value), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - zval_dtor(return_value); - RETURN_FALSE; - } - + if (php_check_open_basedir(Z_STRVAL_PP(new_value) TSRMLS_CC)) { zval_dtor(return_value); RETURN_FALSE; @@ -3083,10 +3075,6 @@ PHP_FUNCTION(move_uploaded_file) RETURN_FALSE; } - if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(new_path), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - if (php_check_open_basedir(Z_STRVAL_PP(new_path) TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/dir.c b/ext/standard/dir.c index 36ab84fdc3..09a5beb482 100644 --- a/ext/standard/dir.c +++ b/ext/standard/dir.c @@ -286,9 +286,6 @@ PHP_FUNCTION(chdir) RETURN_FALSE; } - if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } ret = VCWD_CHDIR(str); if (ret != 0) { @@ -422,9 +419,7 @@ PHP_FUNCTION(glob) /* we assume that any glob pattern will match files from one directory only so checking the dirname of the first match should be sufficient */ strncpy(cwd, globbuf.gl_pathv[0], MAXPATHLEN); - if (PG(safe_mode) && (!php_checkuid(cwd, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } + if (php_check_open_basedir(cwd TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/standard/file.c b/ext/standard/file.c index 6f01bfc8e4..02496ec0bf 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -1415,10 +1415,6 @@ PHPAPI int php_mkdir_ex(char *dir, long mode, int options TSRMLS_DC) { int ret; - if (PG(safe_mode) && (!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return -1; - } - if (php_check_open_basedir(dir TSRMLS_CC)) { return -1; } diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c index 306c438866..59d933a4b6 100644 --- a/ext/standard/filestat.c +++ b/ext/standard/filestat.c @@ -348,10 +348,6 @@ static void php_do_chgrp(INTERNAL_FUNCTION_PARAMETERS, int do_lchgrp) gid = Z_LVAL_PP(group); } - if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { RETURN_FALSE; @@ -422,10 +418,6 @@ static void php_do_chown(INTERNAL_FUNCTION_PARAMETERS, int do_lchown) uid = Z_LVAL_PP(user); } - if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { RETURN_FALSE; @@ -486,10 +478,6 @@ PHP_FUNCTION(chmod) convert_to_string_ex(filename); convert_to_long_ex(mode); - if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { RETURN_FALSE; @@ -546,10 +534,6 @@ PHP_FUNCTION(touch) } convert_to_string_ex(filename); - if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - RETURN_FALSE; - } - /* Check the basedir */ if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { RETURN_FALSE; diff --git a/ext/standard/link.c b/ext/standard/link.c index afeb7e7aee..2a6104dcd5 100644 --- a/ext/standard/link.c +++ b/ext/standard/link.c @@ -63,10 +63,6 @@ PHP_FUNCTION(readlink) } convert_to_string_ex(filename); - if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { RETURN_FALSE; } @@ -132,14 +128,6 @@ PHP_FUNCTION(symlink) RETURN_FALSE; } - if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - - if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } @@ -187,14 +175,6 @@ PHP_FUNCTION(link) RETURN_FALSE; } - if (PG(safe_mode) && !php_checkuid(dest_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - - if (PG(safe_mode) && !php_checkuid(source_p, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - RETURN_FALSE; - } - if (php_check_open_basedir(dest_p TSRMLS_CC)) { RETURN_FALSE; } diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c index 8c649d3c0a..f6fab3e4e3 100644 --- a/ext/tidy/tidy.c +++ b/ext/tidy/tidy.c @@ -85,7 +85,7 @@ _php_tidy_apply_config_array(_doc, HASH_OF(_val) TSRMLS_CC); \ } else { \ convert_to_string_ex(&_val); \ - TIDY_SAFE_MODE_CHECK(Z_STRVAL_P(_val)); \ + TIDY_OPEN_BASEDIR_CHECK(Z_STRVAL_P(_val)); \ if (tidyLoadConfig(_doc, Z_STRVAL_P(_val)) < 0) { \ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not load configuration file '%s'", Z_STRVAL_P(_val)); \ RETURN_FALSE; \ @@ -163,8 +163,8 @@ zend_hash_update(_table, #_key, sizeof(#_key), (void *)&tmp, sizeof(zval *), NULL); \ } -#define TIDY_SAFE_MODE_CHECK(filename) \ -if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { \ +#define TIDY_OPEN_BASEDIR_CHECK(filename) \ +if (php_check_open_basedir(filename TSRMLS_CC)) { \ RETURN_FALSE; \ } \ @@ -461,7 +461,7 @@ static void php_tidy_quick_repair(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_fil _php_tidy_apply_config_array(doc, HASH_OF(config) TSRMLS_CC); } else { convert_to_string_ex(&config); - TIDY_SAFE_MODE_CHECK(Z_STRVAL_P(config)); + TIDY_OPEN_BASEDIR_CHECK(Z_STRVAL_P(config)); if (tidyLoadConfig(doc, Z_STRVAL_P(config)) < 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not load configuration file '%s'", Z_STRVAL_P(config)); RETVAL_FALSE; -- 2.40.0