authorIlia Alshanetsky <iliaa@php.net>2003-05-20 00:37:00 +0000
committerIlia Alshanetsky <iliaa@php.net>2003-05-20 00:37:00 +0000
commit31f0d1c94941fa2bd40472070450f1b4635e8828 (patch)
tree4b2fb829a83bd9408b8773c41e4b345bf66f9aff
parentdab706ee2ae6928a1c45d497c126888cb0c26cd0 (diff)
downloadphp-git-31f0d1c94941fa2bd40472070450f1b4635e8828.tar.gz
Added missing safe_mode & open_basedir checks.
-rw-r--r--ext/pdf/pdf.c26
1 files changed, 25 insertions, 1 deletions
diff --git a/ext/pdf/pdf.c b/ext/pdf/pdf.c
index 75e53f93fc..c02a275eaa 100644
--- a/ext/pdf/pdf.c
+++ b/ext/pdf/pdf.c
@@ -1838,7 +1838,11 @@ static void _php_pdf_open_image(INTERNAL_FUNCTION_PARAMETERS, char *type)
#else
image = Z_STRVAL_PP(arg2);
#endif
-
+
+ if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
pdf_image = PDF_open_image_file(pdf, type, image, "", 0);
RETURN_LONG(pdf_image+PDFLIB_IMAGE_OFFSET);
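Review bot: The same two-part condition is pasted verbatim here and in the five later hunks (pdf_open_image_file, pdf_open_ccitt, pdf_open_image, pdf_attach_file, pdf_open_pdi), so any later correction to the policy has to be made six times, and a missed copy leaves one entry point unchecked. A single file-local helper that takes the path and reports whether access is allowed would keep the sites in step; each call site then reduces to `if (!_php_pdf_check_path(image TSRMLS_CC)) { RETURN_FALSE; }`. The helper name is only a suggestion, and the body of _php_pdf_open_image starts above this hunk.

```c
/* Returns 1 when the path passes open_basedir and, if enabled, safe_mode. */
static int _php_pdf_check_path(char *path TSRMLS_DC)
{
	if (php_check_open_basedir(path TSRMLS_CC)) {
		return 0;
	}
	if (PG(safe_mode) && !php_checkuid(path, "rb+", CHECKUID_CHECK_MODE_PARAM)) {
		return 0;
	}
	return 1;
}

/* … unchanged: argument parsing and path assignment in _php_pdf_open_image … */
	if (!_php_pdf_check_path(image TSRMLS_CC)) {
		RETURN_FALSE;
	}
```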
@@ -1912,6 +1916,10 @@ PHP_FUNCTION(pdf_open_image_file)
image = Z_STRVAL_PP(arg3);
#endif
+ if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
if (argc == 3) {
pdf_image = PDF_open_image_file(pdf, Z_STRVAL_PP(arg2), image, "", 0);
} else {
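Review bot: The fopen mode handed to php_checkuid is `"rb+"`, which describes read-and-update access, while the visible PDF_open_image_file calls only read the image. If php_checkuid derives its policy from the mode string, `"rb"` states the intent exactly: `php_checkuid(image, "rb", CHECKUID_CHECK_MODE_PARAM)`. If it keys only on the leading `r`, the outcome is unchanged but the literal still misleads a reader about what access is being authorised. The same literal appears in all six hunks of this commit, and the function body continues past the end of this hunk.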
@@ -2535,6 +2543,10 @@ PHP_FUNCTION(pdf_open_ccitt)
image = Z_STRVAL_PP(arg2);
#endif
+ if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
convert_to_long_ex(arg3);
convert_to_long_ex(arg4);
convert_to_long_ex(arg5);
@@ -2584,6 +2596,10 @@ PHP_FUNCTION(pdf_open_image)
image = Z_STRVAL_PP(arg4);
#endif
+ if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
pdf_image = PDF_open_image(pdf,
Z_STRVAL_PP(arg2),
Z_STRVAL_PP(arg3),
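Review bot: `image` is checked as a filesystem path unconditionally, but it is the data argument of PDF_open_image, and the argument before it (arg3) looks like PDFlib's source selector. If callers can pass an in-memory source there, arg4 holds image bytes rather than a file name, so the new check would test raw data against open_basedir and reject legitimate calls. Consider skipping the path check only for that case, for example `if (strcmp(Z_STRVAL_PP(arg3), "memory") != 0 && (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM)))) {`, after confirming the accepted source values against the PDFlib version in use. The rest of the call's arguments lie outside the hunk.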
@@ -2622,6 +2638,10 @@ PHP_FUNCTION(pdf_attach_file)
convert_to_string_ex(arg9);
convert_to_string_ex(arg10);
+ if (php_check_open_basedir(Z_STRVAL_PP(arg6) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(arg6), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
PDF_attach_file(pdf,
(float) Z_DVAL_PP(arg2),
(float) Z_DVAL_PP(arg3),
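Review bot: This site checks `Z_STRVAL_PP(arg6)` directly, whereas the other five sites check the local path variable assigned in the `#else` branch just above them. Whether arg6 has been through convert_to_string_ex, and whether PDF_attach_file receives that same string, are both outside the hunk. If the function resolves the path into a separate variable, the check should use that variable so the string validated is the string opened. A short comment would record the assumption: `/* arg6 is the attachment path, checked exactly as passed to PDF_attach_file */`.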
@@ -2762,6 +2782,10 @@ PHP_FUNCTION(pdf_open_pdi)
file = Z_STRVAL_PP(arg2);
#endif
+ if (php_check_open_basedir(file TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(file, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
pdi_handle = PDF_open_pdi(pdf,
file,
Z_STRVAL_PP(arg3),
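Review bot: The path is validated here and then opened by name inside PDF_open_pdi, so the check covers what the path resolved to at check time, not necessarily what the library opens afterwards. That gap is inherent to checking a name before handing it to a third-party library, and it is worth stating so that open_basedir is not read as a hard boundary in this extension. Suggested comment above the check: `/* advisory: PDFlib re-resolves the path when it opens the file; not a sandbox */`. The same applies to the five earlier hunks, and the PDF_open_pdi argument list continues outside this hunk.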