MFH: Added missing safe_mode & open_basedir checks.

author: Ilia Alshanetsky <iliaa@php.net> 2004-05-16 14:38:26 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2004-05-16 14:38:26 +0000
commit: 7be44d2b6d21cf021cdb0a5e5c503b4d9cb608e1 (patch)
tree: 1d6b1d577a2545d0cadadae9e004bcd63214ab4b
parent: e864dc5b13d95cc966fd37c10e099c2bfc74d68e (diff)
download: php-git-7be44d2b6d21cf021cdb0a5e5c503b4d9cb608e1.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/fdf/fdf.c b/ext/fdf/fdf.c
index c87001903c..c627d00b30 100644
--- a/ext/fdf/fdf.c
+++ b/ext/fdf/fdf.c
@@ -721,6 +721,10 @@ PHP_FUNCTION(fdf_set_file)
 		return;
 	}
 
+	if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf);
 
 	err = FDFSetFile(fdf, filename);
@@ -1481,6 +1485,10 @@ PHP_FUNCTION(fdf_get_attachment) {
 	
 	ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf);
 
+	if (php_check_open_basedir(savepath TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(savepath, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	strncpy(pathbuf	, savepath, MAXPATHLEN-1);
 	pathbuf[MAXPATHLEN-1] = '\0';
author	Ilia Alshanetsky <iliaa@php.net>	2004-05-16 14:38:26 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2004-05-16 14:38:26 +0000
commit	7be44d2b6d21cf021cdb0a5e5c503b4d9cb608e1 (patch)
tree	1d6b1d577a2545d0cadadae9e004bcd63214ab4b
parent	e864dc5b13d95cc966fd37c10e099c2bfc74d68e (diff)
download	php-git-7be44d2b6d21cf021cdb0a5e5c503b4d9cb608e1.tar.gz