author | Ilia Alshanetsky <iliaa@php.net> | 2006-10-13 01:42:20 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2006-10-13 01:42:20 +0000 |
commit | bc59416ff2c2729abd941c69b0911e8aa31b4572 (patch) | |
tree | 1fd68444f63f9c5de139379dd4d047bcd16d4a49 | |
parent | 8bd16e2b5890b6006d8362da0acb615053352ec7 (diff) | |
download | php-git-bc59416ff2c2729abd941c69b0911e8aa31b4572.tar.gz |
Fixed bug #38934 (move_uploaded_file() cannot read uploaded file outside of
open_basedir).
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | ext/standard/basic_functions.c | 3 | ||||
-rw-r--r-- | ext/standard/file.c | 9 |
3 files changed, 10 insertions, 4 deletions
@@ -13,6 +13,8 @@ PHP NEWS
 - Fixed bug #39067 (getDeclaringClass() and private properties). (Tony)
 - Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty files). (Ilia)
+- Fixed bug #38934 (move_uploaded_file() cannot read uploaded file outside of
+ open_basedir). (Ilia)
 - Fixed bug #38649 (uninit'd optional arg in stream_socket_sendto()). (Sara)
 - Fixed bug #38198 (possible crash when COM reports an exception). (Ilia)
 - Fixed bug #37262 (var_export() does not escape \0 character). (Ilia)
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 720c532ae1..1b31e9bf82 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -6032,8 +6032,7 @@ PHP_FUNCTION(move_uploaded_file)
 VCWD_UNLINK(Z_STRVAL_PP(new_path));
 if (rename(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path)) == 0) {
 successful = 1;
- } else
- if (php_copy_file(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path) TSRMLS_CC) == SUCCESS) {
+ } else if (php_copy_file_ex(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path), STREAM_DISABLE_OPEN_BASEDIR TSRMLS_CC) == SUCCESS) {
 VCWD_UNLINK(Z_STRVAL_PP(path));
 successful = 1;
 }
diff --git a/ext/standard/file.c b/ext/standard/file.c
index f998278752..4842b43b19 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1711,9 +1711,14 @@ PHP_FUNCTION(copy)
 }
 /* }}} */
+PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC)
+{
+ return php_copy_file_ex(src, dest, ENFORCE_SAFE_MODE TSRMLS_CC);
+}
+
 /* {{{ php_copy_file */
-PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC)
+PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC)
 {
 php_stream *srcstream = NULL, *deststream = NULL;
 int ret = FAILURE;
@@ -1768,7 +1773,7 @@ no_stat:
 }
 safe_to_copy:
- srcstream = php_stream_open_wrapper(src, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ srcstream = php_stream_open_wrapper(src, "rb", src_chk | REPORT_ERRORS, NULL);
 if (!srcstream) {
 return ret; |
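Review bot: The `STREAM_DISABLE_OPEN_BASEDIR` argument in the new `php_copy_file_ex()` call replaces the source-side flags rather than adding to them, so the fallback copy now opens `path` with neither the open_basedir check nor `ENFORCE_SAFE_MODE` (see the `src_chk | REPORT_ERRORS` line in the second ext/standard/file.c hunk). That is only safe if `path` has already been confirmed as a file uploaded in this request and `new_path` is still subject to the usual checks; both would have to happen earlier in `PHP_FUNCTION(move_uploaded_file)`, which starts outside this hunk, so they cannot be confirmed from here. I would state the precondition at the call site, e.g. `/* path was verified as an uploaded file above, so open_basedir is skipped for the source only; new_path is still checked */`.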
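Review bot: `php_copy_file_ex()` is exported with `PHPAPI` and called from ext/standard/basic_functions.c, but the diffstat lists only NEWS and two `.c` files, so unless a prototype already exists in a header this commit does not touch, both that call and the new `php_copy_file()` wrapper (defined above `php_copy_file_ex()` in the first ext/standard/file.c hunk) rely on an implicit declaration. I would add `PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC);` next to the existing `php_copy_file` prototype. `src_chk` also deserves a short doc comment saying it is OR-ed directly into the source stream's open options and that callers other than the upload path should pass `ENFORCE_SAFE_MODE`, because any extension can now call this function with flags that skip the source checks. The `{{{ php_copy_file` fold marker now heads `php_copy_file_ex` while the wrapper sits outside any fold, and the body of `php_copy_file_ex` continues past the hunk.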