diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2003-05-20 00:37:13 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2003-05-20 00:37:13 +0000 |
| commit | 5defe2dd7cdc563120f9dc48c7b9d71d2c7fcd06 (patch) | |
| tree | 5ef92ee668ef0d31cd0893657c281bbd7ea2c617 | |
| parent | 1a6d970f7edab45b882a5a158b82f3eab127a352 (diff) | |
| download | php-git-5defe2dd7cdc563120f9dc48c7b9d71d2c7fcd06.tar.gz | |
MFH
| -rw-r--r-- | ext/pdf/pdf.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/ext/pdf/pdf.c b/ext/pdf/pdf.c index 2913f92804..f10ba4e858 100644 --- a/ext/pdf/pdf.c +++ b/ext/pdf/pdf.c @@ -1837,7 +1837,11 @@ static void _php_pdf_open_image(INTERNAL_FUNCTION_PARAMETERS, char *type) #else image = Z_STRVAL_PP(arg2); #endif - + + if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + pdf_image = PDF_open_image_file(pdf, type, image, "", 0); RETURN_LONG(pdf_image+PDFLIB_IMAGE_OFFSET); @@ -1911,6 +1915,10 @@ PHP_FUNCTION(pdf_open_image_file) image = Z_STRVAL_PP(arg3); #endif + if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + if (argc == 3) { pdf_image = PDF_open_image_file(pdf, Z_STRVAL_PP(arg2), image, "", 0); } else { @@ -2539,6 +2547,10 @@ PHP_FUNCTION(pdf_open_ccitt) image = Z_STRVAL_PP(arg2); #endif + if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + convert_to_long_ex(arg3); convert_to_long_ex(arg4); convert_to_long_ex(arg5); @@ -2588,6 +2600,10 @@ PHP_FUNCTION(pdf_open_image) image = Z_STRVAL_PP(arg4); #endif + if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + pdf_image = PDF_open_image(pdf, Z_STRVAL_PP(arg2), Z_STRVAL_PP(arg3), @@ -2626,6 +2642,10 @@ PHP_FUNCTION(pdf_attach_file) convert_to_string_ex(arg9); convert_to_string_ex(arg10); + if (php_check_open_basedir(Z_STRVAL_PP(arg6) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(arg6), "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + PDF_attach_file(pdf, (float) Z_DVAL_PP(arg2), (float) Z_DVAL_PP(arg3), @@ -2766,6 +2786,10 @@ PHP_FUNCTION(pdf_open_pdi) file = Z_STRVAL_PP(arg2); #endif + if (php_check_open_basedir(file TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(file, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + pdi_handle = PDF_open_pdi(pdf, file, Z_STRVAL_PP(arg3), |