diff options
| author | Xinchen Hui <laruence@php.net> | 2012-05-06 00:40:49 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@php.net> | 2012-05-06 00:40:49 +0800 |
| commit | 035ce937e13d8496795cef9899cc5c5afe9daab7 (patch) | |
| tree | 7b939d238e6738b7a7db542dbab2b6a74f834368 | |
| parent | 168e8920be77f3b55a3ae688270b752579681f6e (diff) | |
| download | php-git-035ce937e13d8496795cef9899cc5c5afe9daab7.tar.gz | |
Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/curl/interface.c | 2 | ||||
| -rw-r--r-- | ext/curl/tests/bug61948.phpt | 20 |
3 files changed, 25 insertions, 1 deletions
@@ -6,6 +6,10 @@ PHP NEWS . Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi). (Laruence, reeze.xia@gmail.com) +- CURL + . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). + (Laruence) + - Core: . Fixed missing bound check in iptcparse(). (chris at chiappa.net) . Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo) diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 66aafc078e..270a7dd807 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -2167,7 +2167,7 @@ string_copy: convert_to_string_ex(zvalue); - if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + if (!Z_STRLEN_PP(zvalue) || php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) { RETVAL_FALSE; return 1; } diff --git a/ext/curl/tests/bug61948.phpt b/ext/curl/tests/bug61948.phpt new file mode 100644 index 0000000000..a03fc3b600 --- /dev/null +++ b/ext/curl/tests/bug61948.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction) +--SKIPIF-- +<?php if (!extension_loaded("curl")) print "skip"; ?> +--INI-- +open_basedir="/tmp" +--FILE-- +<?php + $ch = curl_init(); + var_dump(curl_setopt($ch, CURLOPT_COOKIEFILE, "")); + var_dump(curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/foo")); + var_dump(curl_setopt($ch, CURLOPT_COOKIEFILE, "/xxx/bar")); + curl_close($ch); +?> +--EXPECTF-- +bool(false) +bool(true) + +Warning: curl_setopt(): open_basedir restriction in effect. File(/xxx/bar) is not within the allowed path(s): (/tmp) in %sbug61948.php on line %d +bool(false) |