diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2004-05-16 14:38:26 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2004-05-16 14:38:26 +0000 |
commit | 7be44d2b6d21cf021cdb0a5e5c503b4d9cb608e1 (patch) | |
tree | 1d6b1d577a2545d0cadadae9e004bcd63214ab4b | |
parent | e864dc5b13d95cc966fd37c10e099c2bfc74d68e (diff) | |
download | php-git-7be44d2b6d21cf021cdb0a5e5c503b4d9cb608e1.tar.gz |
MFH: Added missing safe_mode & open_basedir checks.
-rw-r--r-- | ext/fdf/fdf.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/fdf/fdf.c b/ext/fdf/fdf.c index c87001903c..c627d00b30 100644 --- a/ext/fdf/fdf.c +++ b/ext/fdf/fdf.c @@ -721,6 +721,10 @@ PHP_FUNCTION(fdf_set_file) return; } + if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf); err = FDFSetFile(fdf, filename); @@ -1481,6 +1485,10 @@ PHP_FUNCTION(fdf_get_attachment) { ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf); + if (php_check_open_basedir(savepath TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(savepath, "wb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + strncpy(pathbuf , savepath, MAXPATHLEN-1); pathbuf[MAXPATHLEN-1] = '\0'; |