authorDan Kalowsky <kalowsky@php.net>2002-02-15 17:24:44 +0000
committerDan Kalowsky <kalowsky@php.net>2002-02-15 17:24:44 +0000
commitcd88ac738b82c9d72b7a9e72891de28aece20dfc (patch)
treee25f137fdbd51a2144d9215ce2715ebceafcb2e1 /ext/odbc/php_odbc.c
parentb8a5daf59cb5a54d217978b6a3ba0de932af6ae8 (diff)
fix for bug 15516, patch submitted by torben@php.net
Diffstat (limited to 'ext/odbc/php_odbc.c')
-rw-r--r--ext/odbc/php_odbc.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c
index dddf743ab5..949a3e08b7 100644
--- a/ext/odbc/php_odbc.c
+++ b/ext/odbc/php_odbc.c
@@ -943,10 +943,21 @@ PHP_FUNCTION(odbc_execute)
else
ctype = SQL_C_CHAR;
- if (Z_STRVAL_PP(tmp)[0] == '\'' &&
+ if (Z_STRLEN_PP(tmp) > 2 &&
+ Z_STRVAL_PP(tmp)[0] == '\'' &&
Z_STRVAL_PP(tmp)[Z_STRLEN_PP(tmp) - 1] == '\'') {
- filename = &Z_STRVAL_PP(tmp)[1];
- filename[Z_STRLEN_PP(tmp) - 2] = '\0';
+ filename = estrndup(&Z_STRVAL_PP(tmp)[1], Z_STRLEN_PP(tmp) - 2);
+ filename[strlen(filename)] = '\0';
+
+ /* Check for safe mode. */
+ if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ RETURN_FALSE;
+ }
+
+ /* Check the basedir */
+ if (php_check_open_basedir(filename TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
if ((params[i-1].fp = open(filename,O_RDONLY)) == -1) {
php_error(E_WARNING,"Can't open file %s", filename);
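Review bot: The two new `RETURN_FALSE` exits after the safe_mode and open_basedir checks return without any cleanup, although `filename` has just been allocated with estrndup() and `params` is still live; the open() failure path, whose tail is visible in the second hunk, runs `efree(params); efree(filename);` first. Any descriptors already stored in `params[].fp` for earlier parameters would presumably stay open too, and the request memory manager does not reclaim those. Both checks should go through the same cleanup as the open() failure, as sketched below. Separately, `filename[strlen(filename)] = '\0';` rewrites the terminator estrndup() already placed and can be dropped. The body of odbc_execute starts and ends outside this hunk, so the exact cleanup sequence between the two hunks needs confirming against the file.

```c
if ((PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR)) ||
    php_check_open_basedir(filename TSRMLS_CC)) {
    /* … same statement reset and descriptor cleanup as the open() failure path … */
    efree(params);
    efree(filename);
    RETURN_FALSE;
}
/* … unchanged: open(filename, O_RDONLY) and its failure path … */
```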
@@ -957,9 +968,12 @@ PHP_FUNCTION(odbc_execute)
}
}
efree(params);
+ efree(filename);
RETURN_FALSE;
}
+ efree(filename);
+
params[i-1].vallen = SQL_LEN_DATA_AT_EXEC(0);
rc = SQLBindParameter(result->stmt, (UWORD)i, SQL_PARAM_INPUT,