diff options
| author | Wez Furlong <wez@php.net> | 2003-06-06 22:44:57 +0000 |
|---|---|---|
| committer | Wez Furlong <wez@php.net> | 2003-06-06 22:44:57 +0000 |
| commit | 30fc9e152f6279df812bfc32da309c2c8397671d (patch) | |
| tree | dec0b645f8a7faafc92ebffd4df9a7ce2e8b9446 /ext/sqlite/sqlite.c | |
| parent | 6610183236b88cf1017fbd71b0561fac9cee9c8f (diff) | |
| download | php-git-30fc9e152f6279df812bfc32da309c2c8397671d.tar.gz | |
Update bundled library to 2.8.3 + patches from sqlite author to enable
authorization checks for the ATTACH database command.
Diffstat (limited to 'ext/sqlite/sqlite.c')
| -rw-r--r-- | ext/sqlite/sqlite.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c index 657b0badc2..2c49b5078f 100644 --- a/ext/sqlite/sqlite.c +++ b/ext/sqlite/sqlite.c @@ -574,6 +574,20 @@ static int php_sqlite_authorizer(void *autharg, int access_type, const char *arg } } return SQLITE_OK; +#ifdef SQLITE_ATTACH + case SQLITE_ATTACH: + { + TSRMLS_FETCH(); + if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + return SQLITE_DENY; + } + + if (php_check_open_basedir(arg3 TSRMLS_CC)) { + return SQLITE_DENY; + } + } + return SQLITE_OK; +#endif default: /* access allowed */ |