diff options
| author | Pierre Joye <pajoye@php.net> | 2007-03-14 11:08:57 +0000 |
|---|---|---|
| committer | Pierre Joye <pajoye@php.net> | 2007-03-14 11:08:57 +0000 |
| commit | 1c0b8e6f15e416f011263f2d20b5c0281de9fafc (patch) | |
| tree | 12d96769f4fd9e548081e22ee043307ba6dccc3f /ext/zip/php_zip.c | |
| parent | 4f5303ab925c5284decfe47dbaa31a2b9a1b8d5b (diff) | |
| download | php-git-1c0b8e6f15e416f011263f2d20b5c0281de9fafc.tar.gz | |
- rename SAFEMODE_CHECKFILE to OPENBASEDIR_CHECKPATH (can be used without
confusing in head without confusion)
- Add safemode and open basedir checks in zip:// wrapper (revert Ilia's
patch). Bug found by Stefan Esser in his MOPB-20-2007
Diffstat (limited to 'ext/zip/php_zip.c')
| -rw-r--r-- | ext/zip/php_zip.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index 745bcf6082..e618d8b9e7 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -49,11 +49,6 @@ static int le_zip_entry; #define le_zip_entry_name "Zip Entry" /* }}} */ -/* {{{ SAFEMODE_CHECKFILE(filename) */ -#define SAFEMODE_CHECKFILE(filename) \ - (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC) -/* }}} */ - /* {{{ PHP_ZIP_STAT_INDEX(za, index, flags, sb) */ #define PHP_ZIP_STAT_INDEX(za, index, flags, sb) \ if (zip_stat_index(za, index, flags, &sb) != 0) { \ @@ -127,7 +122,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil php_basename(file, file_len, NULL, 0, &file_basename, (unsigned int *)&file_basename_len TSRMLS_CC); - if (SAFEMODE_CHECKFILE(file_dirname_fullpath)) { + if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) { efree(file_dirname_fullpath); efree(file_basename); return 0; @@ -164,7 +159,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil * is required, does a file can have a different * safemode status as its parent folder? */ - if (SAFEMODE_CHECKFILE(fullpath)) { + if (OPENBASEDIR_CHECKPATH(fullpath)) { efree(file_dirname_fullpath); efree(file_basename); return 0; @@ -627,7 +622,7 @@ static PHP_FUNCTION(zip_open) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, &filename_len) == FAILURE) { return; } - if (SAFEMODE_CHECKFILE(filename)) { + if (OPENBASEDIR_CHECKPATH(filename)) { RETURN_FALSE; } @@ -1032,7 +1027,7 @@ static ZIPARCHIVE_METHOD(addFile) entry_name_len = filename_len; } - if (SAFEMODE_CHECKFILE(filename)) { + if (OPENBASEDIR_CHECKPATH(filename)) { RETURN_FALSE; } |