MFH

1 files changed, 20 insertions, 0 deletions

diff --git a/ext/fdf/fdf.c b/ext/fdf/fdf.c
index 95e8698525..4037c7d00a 100644
--- a/ext/fdf/fdf.c
+++ b/ext/fdf/fdf.c
@@ -224,6 +224,10 @@ PHP_FUNCTION(fdf_open)
 
 	convert_to_string_ex(file);
 
+	if (php_check_open_basedir(Z_STRVAL_PP(file) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(file), "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	err = FDFOpen(Z_STRVAL_PP(file), 0, &fdf);
 
 	if(err != FDFErcOK || !fdf) {
@@ -511,6 +515,11 @@ PHP_FUNCTION(fdf_set_ap)
 	convert_to_string_ex(fieldname);
 	convert_to_long_ex(face);
 	convert_to_string_ex(filename);
+
+	if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	convert_to_long_ex(pagenr);
 
 	switch(Z_LVAL_PP(face)) {
@@ -562,6 +571,10 @@ PHP_FUNCTION(fdf_get_ap) {
 
 	ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf);
 
+	if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	switch(face) {
 		case 1:
 			facenr = FDFNormalAP;
@@ -771,6 +784,9 @@ PHP_FUNCTION(fdf_save)
 	ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf);
 
 	if(filename) {
+		if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+			RETURN_FALSE;
+		}
 		err = FDFSave(fdf, filename);	
 	} else {
 		FILE *fp;
@@ -885,6 +901,10 @@ PHP_FUNCTION(fdf_add_template)
 	convert_to_string_ex(template);
 	convert_to_long_ex(rename);
 
+	if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	filespec.FS = NULL;
 	filespec.F = Z_STRVAL_PP(filename);
 	filespec.Mac = NULL;