diff options
| author | Dmitry Stogov <dmitry@zend.com> | 2013-02-07 13:04:47 +0400 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@zend.com> | 2013-02-07 13:04:47 +0400 |
| commit | cc4c318b0c71e1a9c9cf803b5ee5d437344d64db (patch) | |
| tree | 22058c039d7d1171a2e89115f44372d91a575384 | |
| parent | a80fdc47b3b5046188aee6a9ef310879322cf4e9 (diff) | |
| download | php-git-cc4c318b0c71e1a9c9cf803b5ee5d437344d64db.tar.gz | |
Check if soap.wsdl_cache_dir confirms to open_basedir
| -rw-r--r-- | ext/soap/soap.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 843f49badc..6851a9b19c 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -568,10 +568,44 @@ ZEND_INI_MH(OnUpdateCacheMode) return SUCCESS; } +static PHP_INI_MH(OnUpdateCacheDir) +{ + /* Only do the safemode/open_basedir check at runtime */ + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { + char *p; + + if (memchr(new_value, '\0', new_value_length) != NULL) { + return FAILURE; + } + + /* we do not use zend_memrchr() since path can contain ; itself */ + if ((p = strchr(new_value, ';'))) { + char *p2; + p++; + if ((p2 = strchr(p, ';'))) { + p = p2 + 1; + } + } else { + p = new_value; + } + + if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + return FAILURE; + } + + if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) { + return FAILURE; + } + } + + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + PHP_INI_BEGIN() STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, OnUpdateBool, cache_enabled, zend_soap_globals, soap_globals) -STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateString, +STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateCacheDir, cache_dir, zend_soap_globals, soap_globals) STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, OnUpdateLong, cache_ttl, zend_soap_globals, soap_globals) |