diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2004-01-21 02:28:50 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2004-01-21 02:28:50 +0000 |
| commit | eb3ff409b07e17020101a55fa73eafea9e0891eb (patch) | |
| tree | b4c4b473d934e75783c92d2371fdb99c018d4699 /main/streams/plain_wrapper.c | |
| parent | e36f5fb08b0bab13437932c9d77d759b82710535 (diff) | |
| download | php-git-eb3ff409b07e17020101a55fa73eafea9e0891eb.tar.gz | |
Fixed bug #26974 (rename() doesn't check the destination file
against safe_mode/open_basedir).
Diffstat (limited to 'main/streams/plain_wrapper.c')
| -rw-r--r-- | main/streams/plain_wrapper.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c index 2193577e89..c60063f355 100644 --- a/main/streams/plain_wrapper.c +++ b/main/streams/plain_wrapper.c @@ -973,11 +973,12 @@ static int php_plain_files_rename(php_stream_wrapper *wrapper, char *url_from, c url_to = p + 3; } - if (PG(safe_mode) &&(!php_checkuid(url_from, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + if (PG(safe_mode) && (!php_checkuid(url_from, NULL, CHECKUID_CHECK_FILE_AND_DIR) || + !php_checkuid(url_to, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return 0; } - if (php_check_open_basedir(url_from TSRMLS_CC)) { + if (php_check_open_basedir(url_from TSRMLS_CC) || php_check_open_basedir(url_to TSRMLS_CC)) { return 0; } |