Added missing open_basedir & safe_mode checks to zip:// and bzip://

wrappers. Issues idendtified by MOPB-20 and MOPB-21
author: Ilia Alshanetsky <iliaa@php.net> 2007-03-14 03:50:18 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2007-03-14 03:50:18 +0000
commit: 6d70aa1f4e99d0ff8f9c334a9c0ce07a69cb26a3 (patch)
tree: e6ca720714f77c5640d861d0f4bfcc756697dfca /ext/bz2/bz2.c
parent: c3e4a2854a1eb075c2d059ec69b9e3a83a49cd20 (diff)
download: php-git-6d70aa1f4e99d0ff8f9c334a9c0ce07a69cb26a3.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c
index ebe0eb5f37..1f905e411e 100644
--- a/ext/bz2/bz2.c
+++ b/ext/bz2/bz2.c
@@ -225,6 +225,10 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
 #else
 	path_copy = path;
 #endif  
+
+	if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) {
+		return NULL;
+	}
 	
 	/* try and open it directly first */
 	bz_file = BZ2_bzopen(path_copy, mode);
@@ -236,7 +240,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
 	
 	if (bz_file == NULL) {
 		/* that didn't work, so try and get something from the network/wrapper */
-		stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);
+		stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path);
 	
 		if (stream) {
 			int fd;
author	Ilia Alshanetsky <iliaa@php.net>	2007-03-14 03:50:18 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2007-03-14 03:50:18 +0000
commit	6d70aa1f4e99d0ff8f9c334a9c0ce07a69cb26a3 (patch)
tree	e6ca720714f77c5640d861d0f4bfcc756697dfca /ext/bz2/bz2.c
parent	c3e4a2854a1eb075c2d059ec69b9e3a83a49cd20 (diff)
download	php-git-6d70aa1f4e99d0ff8f9c334a9c0ce07a69cb26a3.tar.gz