Added missing safe_mode & open_basedir checks.

author: Ilia Alshanetsky <iliaa@php.net> 2004-05-16 14:38:19 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2004-05-16 14:38:19 +0000
commit: fbd3e0da4002f6c296591fa13a2e4f84ab950d19 (patch)
tree: f86f87eb98f28fdc742dbae2f02588941c5b87f1
parent: 251b627684387fa49b376ab9e9502f88785e9ab4 (diff)
download: php-git-fbd3e0da4002f6c296591fa13a2e4f84ab950d19.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/fdf/fdf.c b/ext/fdf/fdf.c
index b9d93a7dcb..e3568b199a 100644
--- a/ext/fdf/fdf.c
+++ b/ext/fdf/fdf.c
@@ -725,6 +725,10 @@ PHP_FUNCTION(fdf_set_file)
 		return;
 	}
 
+	if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf);
 
 	err = FDFSetFile(fdf, filename);
@@ -1485,6 +1489,10 @@ PHP_FUNCTION(fdf_get_attachment) {
 	
 	ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf);
 
+	if (php_check_open_basedir(savepath TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(savepath, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+		RETURN_FALSE;
+	}
+
 	strncpy(pathbuf	, savepath, MAXPATHLEN-1);
 	pathbuf[MAXPATHLEN-1] = '\0';
author	Ilia Alshanetsky <iliaa@php.net>	2004-05-16 14:38:19 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2004-05-16 14:38:19 +0000
commit	fbd3e0da4002f6c296591fa13a2e4f84ab950d19 (patch)
tree	f86f87eb98f28fdc742dbae2f02588941c5b87f1
parent	251b627684387fa49b376ab9e9502f88785e9ab4 (diff)
download	php-git-fbd3e0da4002f6c296591fa13a2e4f84ab950d19.tar.gz