authorIlia Alshanetsky <iliaa@php.net>2003-05-21 00:57:48 +0000
committerIlia Alshanetsky <iliaa@php.net>2003-05-21 00:57:48 +0000
commit5d900b5171d39bbc86859aecea26b2edef1ec71f (patch)
treec7c0cec206fec9c28d4df341e05f7813bf75db51
parent25fcdb430442cd64fb8f36135d8206db597d69aa (diff)
downloadphp-git-5d900b5171d39bbc86859aecea26b2edef1ec71f.tar.gz
MFH
-rw-r--r--ext/cpdf/cpdf.c17
-rw-r--r--ext/pdf/pdf.c5
2 files changed, 22 insertions, 0 deletions
diff --git a/ext/cpdf/cpdf.c b/ext/cpdf/cpdf.c
index 25512d02f8..a02f310f40 100644
--- a/ext/cpdf/cpdf.c
+++ b/ext/cpdf/cpdf.c
@@ -475,6 +475,10 @@ PHP_FUNCTION(cpdf_open)
if(strcmp(Z_STRVAL_P(arg2), "-") == 0)
php_error(E_WARNING, "%s(): Writing to stdout as described in the ClibPDF manual is not possible if php is used as an Apache module. Write to a memory stream and use cpdf_output_buffer() instead.", get_active_function_name(TSRMLS_C));
#endif
+ if (php_check_open_basedir(Z_STRVAL_P(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_P(arg2), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
cpdf_setOutputFilename(cpdf, Z_STRVAL_P(arg2));
}
cpdf_init(cpdf);
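Review bot: The check added in cpdf_open passes `"rb+"` to php_checkuid although arg2 is handed to cpdf_setOutputFilename as an output file, while the equivalent check in the cpdf_save_to_file hunk uses `"wb+"`. As far as I recall, with CHECKUID_CHECK_MODE_PARAM a mode starting with `r` makes php_checkuid require the file to exist already, so under safe_mode a not-yet-existing output file would be refused here; `"wb+"` looks like the intended mode, but verify against php_checkuid's implementation. The early `RETURN_FALSE;` also runs after `cpdf` was created somewhere above the hunk, so it is worth confirming that the document handle is released on that path. The body of cpdf_open starts and ends outside the hunk.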
@@ -928,6 +932,10 @@ PHP_FUNCTION(cpdf_set_font_map_file)
RETURN_FALSE;
}
+ if (php_check_open_basedir(Z_STRVAL_P(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_P(arg2), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
cpdf_setFontMapFile(pdf, Z_STRVAL_P(arg2));
RETURN_TRUE;
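Review bot: The condition added before cpdf_setFontMapFile is the same long expression that this commit also adds in cpdf_open, cpdf_save_to_file, cpdf_import_jpeg and, in ext/pdf/pdf.c, pdf_open_file, differing only in the path and the mode string. A file-local helper would keep the copies from drifting apart (the mode strings already differ between callers), so that each call site reads `if (!cpdf_path_allowed(Z_STRVAL_P(arg2), "rb+" TSRMLS_CC)) { RETURN_FALSE; }`; the helper name is only a suggestion. The function continues outside the hunk.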
@@ -2378,6 +2386,10 @@ PHP_FUNCTION(cpdf_save_to_file)
php_error(E_WARNING, "%s(): Writing to stdout as described in the ClibPDF manual is not possible if php is used as an Apache module. Use cpdf_output_buffer() instead.", get_active_function_name(TSRMLS_C));
#endif
+ if (php_check_open_basedir(Z_STRVAL_P(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_P(arg2), "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
cpdf_savePDFmemoryStreamToFile(pdf, Z_STRVAL_P(arg2));
RETURN_TRUE;
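Review bot: The new check in cpdf_save_to_file is applied to arg2 even when it is `"-"`, which the warning text just above describes as ClibPDF's way of writing to stdout. Outside the Apache build that value is not a file path, so php_check_open_basedir and php_checkuid would presumably evaluate it as a file named `-` in the current directory and may reject a call that touches no file. If stdout output is meant to stay available, guard the check with `strcmp(Z_STRVAL_P(arg2), "-") != 0 &&`; otherwise a short comment saying that `-` is deliberately subject to the restrictions would help. The same applies to the check added in cpdf_open; the surrounding `#if` and the start of the function are outside the hunk.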
@@ -2401,6 +2413,11 @@ PHP_FUNCTION(cpdf_import_jpeg)
convert_to_long(argv[0]);
convert_to_string(argv[1]);
+
+ if (php_check_open_basedir(Z_STRVAL_P(argv[1]) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_P(argv[1]), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
convert_to_double(argv[2]);
convert_to_double(argv[3]);
convert_to_double(argv[4]);
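Review bot: The mode string `"rb+"` passed to php_checkuid for argv[1] reads as read-write access, but the JPEG is presumably only read by the import; `"rb"` would state the intent, and the same goes for the font map file in cpdf_set_font_map_file. I believe php_checkuid only distinguishes a leading `r` from other modes, so this is about readability rather than behaviour. The check also sits between the convert_to_string and convert_to_double calls; placing it after all argument conversions would keep validation separate from conversion. The function starts and ends outside the hunk.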
diff --git a/ext/pdf/pdf.c b/ext/pdf/pdf.c
index f10ba4e858..1d61ffc452 100644
--- a/ext/pdf/pdf.c
+++ b/ext/pdf/pdf.c
@@ -2335,6 +2335,11 @@ PHP_FUNCTION(pdf_open_file)
if (argc == 2) {
convert_to_string_ex(arg2);
filename = Z_STRVAL_PP(arg2);
+
+ if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
pdf_file = PDF_open_file(pdf, filename);
} else {
/* open in memory */
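Review bot: The check added before PDF_open_file has no comment explaining why the extension enforces open_basedir and safe_mode itself, and the reason is not obvious from the call. Assuming PDFlib opens the file by name on its own, I would add `/* PDFlib opens the file itself, bypassing PHP's file-access checks; enforce open_basedir and safe_mode here. */` above the `if`. The comment should also say that only the path name is validated, so a path that changes between the check and the library's open (for example through a symlink) is not covered. pdf_open_file continues outside the hunk.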