author | Pierre Joye <pajoye@php.net> | 2007-03-14 11:08:57 +0000 |
---|---|---|
committer | Pierre Joye <pajoye@php.net> | 2007-03-14 11:08:57 +0000 |
commit | 1c0b8e6f15e416f011263f2d20b5c0281de9fafc (patch) | |
tree | 12d96769f4fd9e548081e22ee043307ba6dccc3f /ext/zip | |
parent | 4f5303ab925c5284decfe47dbaa31a2b9a1b8d5b (diff) | |
download | php-git-1c0b8e6f15e416f011263f2d20b5c0281de9fafc.tar.gz |
- rename SAFEMODE_CHECKFILE to OPENBASEDIR_CHECKPATH (can be used in head
without confusion)
- Add safemode and open basedir checks in zip:// wrapper (revert Ilia's
patch). Bug found by Stefan Esser in his MOPB-20-2007
Diffstat (limited to 'ext/zip')
-rw-r--r-- | ext/zip/php_zip.c | 13 | ||||
-rw-r--r-- | ext/zip/php_zip.h | 10 | ||||
-rw-r--r-- | ext/zip/zip_stream.c | 5 |
3 files changed, 17 insertions, 11 deletions
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 745bcf6082..e618d8b9e7 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -49,11 +49,6 @@ static int le_zip_entry;
 #define le_zip_entry_name "Zip Entry"
 /* }}} */
-/* {{{ SAFEMODE_CHECKFILE(filename) */
-#define SAFEMODE_CHECKFILE(filename) \
- (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
-/* }}} */
-
 /* {{{ PHP_ZIP_STAT_INDEX(za, index, flags, sb) */
 #define PHP_ZIP_STAT_INDEX(za, index, flags, sb) \
 if (zip_stat_index(za, index, flags, &sb) != 0) { \
@@ -127,7 +122,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 php_basename(file, file_len, NULL, 0, &file_basename, (unsigned int *)&file_basename_len TSRMLS_CC);
- if (SAFEMODE_CHECKFILE(file_dirname_fullpath)) {
+ if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
 efree(file_dirname_fullpath);
 efree(file_basename);
 return 0;
@@ -164,7 +159,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 * is required, does a file can have a different
 * safemode status as its parent folder?
 */
- if (SAFEMODE_CHECKFILE(fullpath)) {
+ if (OPENBASEDIR_CHECKPATH(fullpath)) {
 efree(file_dirname_fullpath);
 efree(file_basename);
 return 0;
@@ -627,7 +622,7 @@ static PHP_FUNCTION(zip_open)
 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, &filename_len) == FAILURE) {
 return;
 }
- if (SAFEMODE_CHECKFILE(filename)) {
+ if (OPENBASEDIR_CHECKPATH(filename)) {
 RETURN_FALSE;
 }
@@ -1032,7 +1027,7 @@ static ZIPARCHIVE_METHOD(addFile)
 entry_name_len = filename_len;
 }
- if (SAFEMODE_CHECKFILE(filename)) {
+ if (OPENBASEDIR_CHECKPATH(filename)) {
 RETURN_FALSE;
 }
diff --git a/ext/zip/php_zip.h b/ext/zip/php_zip.h
index cbfc9b9502..f194151941 100644
--- a/ext/zip/php_zip.h
+++ b/ext/zip/php_zip.h
@@ -30,6 +30,16 @@ extern zend_module_entry zip_module_entry;
 #include "lib/zip.h"
+/* {{{ OPENBASEDIR_CHECKPATH(filename) */
+#if (PHP_MAJOR_VERSION < 6)
+#define OPENBASEDIR_CHECKPATH(filename) \
+ (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
+#else
+#define OPENBASEDIR_CHECKPATH(filename) \
+ php_check_open_basedir(filename TSRMLS_CC)
+#endif
+/* }}} */
+
 typedef struct _ze_zip_rsrc {
 struct zip *za;
 int index_current;
diff --git a/ext/zip/zip_stream.c b/ext/zip/zip_stream.c
index d4b511cc09..1f305509ea 100644
--- a/ext/zip/zip_stream.c
+++ b/ext/zip/zip_stream.c
@@ -12,6 +12,7 @@
 #include "ext/standard/file.h"
 #include "ext/standard/php_string.h"
 #include "fopen_wrappers.h"
+#include "php_zip.h"
 #include "ext/standard/url.h"
@@ -112,7 +113,7 @@ php_stream *php_stream_zip_open(char *filename, char *path, char *mode STREAMS_D
 }
 if (filename) {
- if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) {
+ if (OPENBASEDIR_CHECKPATH(filename)) {
 return NULL;
 }
@@ -193,7 +194,7 @@ php_stream *php_stream_zip_opener(php_stream_wrapper *wrapper,
 php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
 fragment++;
- if ((PG(safe_mode) && (!php_checkuid(file_dirname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file_dirname TSRMLS_CC)) {
+ if (OPENBASEDIR_CHECKPATH(file_dirname)) {
 efree(file_basename);
 return NULL;
 } |
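Review bot: The `OPENBASEDIR_CHECKPATH` expansion added in the php_zip.h hunk has no outer parentheses, so it is only correct in the bare `if (OPENBASEDIR_CHECKPATH(x))` form the callers in this commit use; written as `!OPENBASEDIR_CHECKPATH(x)` or joined to another condition with `&&`, the operator would bind to the `PG(safe_mode) && ...` operand alone and the access decision would silently change. Now that the macro sits in a shared header and guards the zip:// wrapper as well, I would parenthesize the whole expansion and the argument in both branches, e.g. `((PG(safe_mode) && !php_checkuid((filename), NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir((filename) TSRMLS_CC))`. The header comment could also say that a non-zero result means the path is refused, that on PHP < 6 the macro performs the safe_mode uid check despite its name, and that it expands `TSRMLS_CC` and therefore needs the TSRM context in scope at the call site.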