diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2005-10-06 20:44:56 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2005-10-06 20:44:56 +0000 |
| commit | 8ea1dd281db4e6978b40accf1c57a94f9ce9d9ed (patch) | |
| tree | e40bce7cfc92596de461b9533d21d9e1c62e92c4 | |
| parent | ac41083b8244bbdee151983a16c928e97282a1ec (diff) | |
| download | php-git-8ea1dd281db4e6978b40accf1c57a94f9ce9d9ed.tar.gz | |
MFH: Added missing safe_mode checks.
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | ext/curl/curl.c | 2 | ||||
| -rw-r--r-- | ext/gd/gd.c | 2 | ||||
| -rw-r--r-- | ext/gd/gd_ctx.c | 2 |
4 files changed, 4 insertions, 3 deletions
@@ -1,6 +1,7 @@ PHP 4 NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2005, Version 4.4.1 +- Added missing safe_mode checks for image* functions and cURL. (Ilia) - Added missing safe_mode/open_basedir checks for file uploads. (Ilia) - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia) - Fixed possible crash and/or memory corruption in import_request_variables(). diff --git a/ext/curl/curl.c b/ext/curl/curl.c index 3468dfc576..47dbf2f36c 100644 --- a/ext/curl/curl.c +++ b/ext/curl/curl.c @@ -66,7 +66,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC); #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v); #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \ - if (PG(open_basedir) && *PG(open_basedir) && \ + if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \ strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \ { \ php_url *tmp_url; \ diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 0b6cf7b8a5..c1d03c2715 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -1644,7 +1644,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char } if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) { - if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) { + if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn); RETURN_FALSE; } diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c index 79ab8d1332..4870138aec 100644 --- a/ext/gd/gd_ctx.c +++ b/ext/gd/gd_ctx.c @@ -73,7 +73,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type, } if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) { - if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) { + if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn); RETURN_FALSE; } |