-rw-r--r--ext/db/db.c2
-rw-r--r--ext/dbase/dbase.c4
-rw-r--r--ext/filepro/filepro.c6
-rw-r--r--ext/pgsql/pgsql.c2
-rw-r--r--ext/posix/posix.c2
-rw-r--r--ext/standard/exec.c8
-rw-r--r--ext/standard/file.c8
-rw-r--r--ext/standard/filestat.c8
-rw-r--r--ext/standard/link.c6
-rw-r--r--ext/zlib/zlib.c10
-rw-r--r--main/fopen_wrappers.c22
-rw-r--r--main/main.c4
-rw-r--r--main/safe_mode.c10
-rw-r--r--main/safe_mode.h2
14 files changed, 43 insertions, 51 deletions
diff --git a/ext/db/db.c b/ext/db/db.c
index 9efe670a0c..aca8d7ea1f 100644
--- a/ext/db/db.c
+++ b/ext/db/db.c
@@ -289,7 +289,7 @@ dbm_info *php_dbm_open(char *filename, char *mode) {
return NULL;
}
- if (PG(safe_mode) && (!php_checkuid(filename, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(filename, NULL, 2))) {
return NULL;
}
diff --git a/ext/dbase/dbase.c b/ext/dbase/dbase.c
index 1131d4da9e..1149a644f0 100644
--- a/ext/dbase/dbase.c
+++ b/ext/dbase/dbase.c
@@ -120,7 +120,7 @@ PHP_FUNCTION(dbase_open) {
convert_to_string(dbf_name);
convert_to_long(options);
- if (PG(safe_mode) && (!php_checkuid(dbf_name->value.str.val, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(dbf_name->value.str.val, NULL, 2))) {
RETURN_FALSE;
}
@@ -583,7 +583,7 @@ PHP_FUNCTION(dbase_create) {
RETURN_FALSE;
}
- if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_P(filename), 2))) {
+ if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_P(filename), NULL, 2))) {
RETURN_FALSE;
}
diff --git a/ext/filepro/filepro.c b/ext/filepro/filepro.c
index 9a7436b6da..4d0a943f0d 100644
--- a/ext/filepro/filepro.c
+++ b/ext/filepro/filepro.c
@@ -203,7 +203,7 @@ PHP_FUNCTION(filepro)
sprintf(workbuf, "%s/map", dir->value.str.val);
- if (PG(safe_mode) && (!php_checkuid(workbuf, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(workbuf, NULL, 2))) {
RETURN_FALSE;
}
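Review bot: The path passed to php_checkuid() is built with an unbounded `sprintf(workbuf, "%s/map", dir->value.str.val)`, so a long directory argument can overrun workbuf before the safe-mode check runs. The same pattern appears with `"%s/key"` in the filepro_rowcount and filepro_retrieve hunks. workbuf's declaration is outside the hunk, so its size is an assumption here. If it is a fixed array, `snprintf(workbuf, sizeof(workbuf), "%s/map", dir->value.str.val);` followed by a truncation check would bound the write and keep the checked path identical to the opened one.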
@@ -302,7 +302,7 @@ PHP_FUNCTION(filepro_rowcount)
/* Now read the records in, moving forward recsize-1 bytes each time */
sprintf(workbuf, "%s/key", FP_GLOBAL(fp_database));
- if (PG(safe_mode) && (!php_checkuid(workbuf, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(workbuf, NULL, 2))) {
RETURN_FALSE;
}
@@ -527,7 +527,7 @@ PHP_FUNCTION(filepro_retrieve)
/* Now read the record in */
sprintf(workbuf, "%s/key", FP_GLOBAL(fp_database));
- if (PG(safe_mode) && (!php_checkuid(workbuf, 2))) {
+ if (PG(safe_mode) && (!php_checkuid(workbuf, NULL, 2))) {
RETURN_FALSE;
}
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 9390349deb..81caec5eb1 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -1539,7 +1539,7 @@ PHP_FUNCTION(pg_loimport)
break;
}
- if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(file_in), 2))) {
+ if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(file_in), NULL, 2))) {
RETURN_FALSE;
}
diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index 9a3bbdedf2..34be8820f1 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -603,7 +603,7 @@ PHP_FUNCTION(posix_mkfifo)
convert_to_string(path);
convert_to_long(mode);
- if (php3_ini.safe_mode && (!php_checkuid(path->value.str.val, 3))) {
+ if (php3_ini.safe_mode && (!php_checkuid(path->value.str.val, NULL, 3))) {
RETURN_FALSE;
}
result = mkfifo(path->value.str.val, mode->value.lval);
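Review bot: This call site still tests `php3_ini.safe_mode`, while every other call site in the commit tests `PG(safe_mode)`. Whether php3_ini is kept in sync with the live configuration is not visible in this diff; if it is not, the ownership check before `mkfifo()` would be skipped. `if (PG(safe_mode) && (!php_checkuid(path->value.str.val, NULL, 3))) {` would match the other sites. It may also need `PLS_FETCH();` at the top of the function, which lies outside the hunk.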
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 7fc6acc033..61bc6f21ce 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -86,11 +86,7 @@ static int _Exec(int type, char *cmd, pval *array, pval *return_value)
tmp = php_escape_shell_cmd(d);
efree(d);
d = tmp;
-#ifdef PHP_WIN32
fp = V_POPEN(d, "rb");
-#else
- fp = V_POPEN(d, "r");
-#endif
if (!fp) {
php_error(E_WARNING, "Unable to fork [%s]", d);
efree(d);
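Review bot: The now unconditional `V_POPEN(d, "rb")` here, and `V_POPEN(cmd, "rb")` in the next hunk, use a mode that POSIX does not define for popen(), which specifies only "r" and "w". Some C libraries reject any other mode string with EINVAL. V_POPEN's definition is not part of this diff, so this is a risk only if it forwards the mode unchanged to the platform popen(); in that case these calls would fail with "Unable to fork" on non-Windows builds. Restoring the `#ifdef PHP_WIN32` split, or defining the read mode once in a platform-dependent macro, keeps the Windows binary-mode fix without changing the Unix call. _Exec's body starts and ends outside both hunks.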
@@ -98,11 +94,7 @@ static int _Exec(int type, char *cmd, pval *array, pval *return_value)
return -1;
}
} else { /* not safe_mode */
-#ifdef PHP_WIN32
fp = V_POPEN(cmd, "rb");
-#else
- fp = V_POPEN(cmd, "r");
-#endif
if (!fp) {
php_error(E_WARNING, "Unable to fork [%s]", cmd);
efree(buf);
diff --git a/ext/standard/file.c b/ext/standard/file.c
index c9911f10d6..c93426028d 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1344,7 +1344,7 @@ PHP_FUNCTION(mkdir)
convert_to_string_ex(arg1);
convert_to_long_ex(arg2);
mode = (*arg2)->value.lval;
- if (PG(safe_mode) &&(!php_checkuid((*arg1)->value.str.val,3))) {
+ if (PG(safe_mode) &&(!php_checkuid((*arg1)->value.str.val, NULL, 3))) {
RETURN_FALSE;
}
ret = V_MKDIR((*arg1)->value.str.val,mode);
@@ -1369,7 +1369,7 @@ PHP_FUNCTION(rmdir)
WRONG_PARAM_COUNT;
}
convert_to_string_ex(arg1);
- if (PG(safe_mode) &&(!php_checkuid((*arg1)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*arg1)->value.str.val, NULL, 1))) {
RETURN_FALSE;
}
ret = rmdir((*arg1)->value.str.val);
@@ -1563,7 +1563,7 @@ PHP_FUNCTION(rename)
old_name = (*old_arg)->value.str.val;
new_name = (*new_arg)->value.str.val;
- if (PG(safe_mode) &&(!php_checkuid(old_name, 2))) {
+ if (PG(safe_mode) &&(!php_checkuid(old_name, NULL, 2))) {
RETURN_FALSE;
}
ret = rename(old_name, new_name);
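Review bot: Only `old_name` is checked before `ret = rename(old_name, new_name);`, so the destination path gets no safe-mode ownership check anywhere in this hunk. Under safe mode a file could therefore be moved into a directory owned by a different user, wherever the server process has write permission. Consider adding `if (PG(safe_mode) && (!php_checkuid(new_name, NULL, 2))) { RETURN_FALSE; }` before the rename call. Whether an open_basedir check covers either path is not visible here.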
@@ -1669,7 +1669,7 @@ PHP_FUNCTION(copy)
convert_to_string_ex(source);
convert_to_string_ex(target);
- if (PG(safe_mode) &&(!php_checkuid((*source)->value.str.val,2))) {
+ if (PG(safe_mode) &&(!php_checkuid((*source)->value.str.val, NULL, 2))) {
RETURN_FALSE;
}
diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c
index ca7670af41..a82a05ed3f 100644
--- a/ext/standard/filestat.c
+++ b/ext/standard/filestat.c
@@ -252,7 +252,7 @@ PHP_FUNCTION(chgrp)
gid = (*group)->value.lval;
}
- if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val, NULL, 1))) {
RETURN_FALSE;
}
@@ -300,7 +300,7 @@ PHP_FUNCTION(chown)
uid = (*user)->value.lval;
}
- if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val, NULL, 1))) {
RETURN_FALSE;
}
@@ -333,7 +333,7 @@ PHP_FUNCTION(chmod)
convert_to_string_ex(filename);
convert_to_long_ex(mode);
- if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val, NULL, 1))) {
RETURN_FALSE;
}
@@ -396,7 +396,7 @@ PHP_FUNCTION(touch)
}
convert_to_string_ex(filename);
- if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val,1))) {
+ if (PG(safe_mode) &&(!php_checkuid((*filename)->value.str.val, NULL, 1))) {
if (newtime) efree(newtime);
RETURN_FALSE;
}
diff --git a/ext/standard/link.c b/ext/standard/link.c
index dbec5e087b..18cd67c1dc 100644
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -110,7 +110,7 @@ PHP_FUNCTION(symlink)
convert_to_string_ex(topath);
convert_to_string_ex(frompath);
- if (PG(safe_mode) && !php_checkuid((*topath)->value.str.val, 2)) {
+ if (PG(safe_mode) && !php_checkuid((*topath)->value.str.val, NULL, 2)) {
RETURN_FALSE;
}
if (!strncasecmp((*topath)->value.str.val,"http://",7) || !strncasecmp((*topath)->value.str.val,"ftp://",6)) {
@@ -141,7 +141,7 @@ PHP_FUNCTION(link)
convert_to_string_ex(topath);
convert_to_string_ex(frompath);
- if (PG(safe_mode) && !php_checkuid((*topath)->value.str.val, 2)) {
+ if (PG(safe_mode) && !php_checkuid((*topath)->value.str.val, NULL, 2)) {
RETURN_FALSE;
}
if (!strncasecmp((*topath)->value.str.val,"http://",7) || !strncasecmp((*topath)->value.str.val,"ftp://",6)) {
@@ -171,7 +171,7 @@ PHP_FUNCTION(unlink)
}
convert_to_string_ex(filename);
- if (PG(safe_mode) && !php_checkuid((*filename)->value.str.val, 2)) {
+ if (PG(safe_mode) && !php_checkuid((*filename)->value.str.val, NULL, 2)) {
RETURN_FALSE;
}
diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c
index c3d8c29ce7..35758ce702 100644
--- a/ext/zlib/zlib.c
+++ b/ext/zlib/zlib.c
@@ -160,7 +160,7 @@ static gzFile php_gzopen_wrapper(char *path, char *mode, int options)
return php_gzopen_with_path(path, mode, PG(include_path), NULL);
}
else {
- if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path,1))) {
+ if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, NULL, 1))) {
return NULL;
}
if (php_check_open_basedir(path)) return NULL;
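Review bot: php_gzopen_wrapper receives a `mode` string but passes `NULL` to php_checkuid(), so gz opens keep a hard-coded check mode (`1` here, `2` in the php_gzopen_with_path hunks below). The plain fopen wrappers in this commit instead derive the check from the open mode. If the difference is intentional, a comment such as `/* fopen_mode deliberately NULL: gz opens use a fixed checkuid mode */` would record it; otherwise `php_checkuid(path, mode, 0)` would align the two code paths. The function body starts and ends outside the hunk.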
@@ -186,7 +186,7 @@ static gzFile *php_gzopen_with_path(char *filename, char *mode, char *path, char
/* Relative path open */
if (*filename == '.') {
- if (PG(safe_mode) &&(!php_checkuid(filename,2))) {
+ if (PG(safe_mode) &&(!php_checkuid(filename, NULL, 2))) {
return(NULL);
}
if (php_check_open_basedir(filename)) return NULL;
@@ -209,7 +209,7 @@ static gzFile *php_gzopen_with_path(char *filename, char *mode, char *path, char
} else {
strlcpy(trypath,filename,sizeof(trypath));
}
- if (!php_checkuid(trypath,2)) {
+ if (!php_checkuid(trypath, NULL, 2)) {
return(NULL);
}
if (php_check_open_basedir(trypath)) return NULL;
@@ -225,7 +225,7 @@ static gzFile *php_gzopen_with_path(char *filename, char *mode, char *path, char
}
if (!path || (path && !*path)) {
- if (PG(safe_mode) &&(!php_checkuid(filename,2))) {
+ if (PG(safe_mode) &&(!php_checkuid(filename, NULL, 2))) {
return(NULL);
}
if (php_check_open_basedir(filename)) return NULL;
@@ -252,7 +252,7 @@ static gzFile *php_gzopen_with_path(char *filename, char *mode, char *path, char
}
snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
if (PG(safe_mode)) {
- if (V_STAT(trypath,&sb) == 0 &&(!php_checkuid(trypath,2))) {
+ if (V_STAT(trypath,&sb) == 0 &&(!php_checkuid(trypath, NULL, 2))) {
efree(pathbuf);
return(NULL);
}
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index 2f96b16da5..30cdfaf292 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -246,7 +246,6 @@ PHPAPI int php_check_open_basedir(char *path)
PHPAPI FILE *php_fopen_wrapper(char *path, char *mode, int options, int *issock, int *socketd, char **opened_path)
{
- int cm=2; /* checkuid mode: 2 = if file does not exist, check directory */
PLS_FETCH();
if (opened_path) {
@@ -266,10 +265,7 @@ PHPAPI FILE *php_fopen_wrapper(char *path, char *mode, int options, int *issock,
} else {
FILE *fp;
- if (!strcmp(mode,"r") || !strcmp(mode,"r+")) {
- cm=0;
- }
- if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, cm))) {
+ if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, mode, 0))) {
return NULL;
}
if (php_check_open_basedir(path)) {
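Review bot: The literal `0` in `php_checkuid(path, mode, 0)` is ignored whenever `mode` is non-NULL, because php_checkuid() now overwrites its third argument from the fopen mode. A reader of this call would assume check mode 0 also applies to write opens. The same applies to the php_fopen_with_path and php_fopen_url_wrapper hunks below. A short comment at the call would make this explicit, e.g. `/* check mode is derived from the fopen mode inside php_checkuid(); the 0 is a placeholder */`.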
@@ -358,7 +354,7 @@ PHPAPI FILE *php_fopen_primary_script(void)
SG(request_info).path_translated = NULL;
return NULL;
}
- fp = V_FOPEN(filename, "r");
+ fp = V_FOPEN(filename, "rb");
/* refuse to open anything that is not a regular file */
if (fp && (0 > fstat(fileno(fp), &st) || !S_ISREG(st.st_mode))) {
@@ -393,17 +389,15 @@ PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **
char trypath[MAXPATHLEN + 1];
struct stat sb;
FILE *fp;
- int cm=2;
PLS_FETCH();
if (opened_path) {
*opened_path = NULL;
}
- if(!strcmp(mode,"r") || !strcmp(mode,"r+")) cm=0;
/* Relative path open */
if (*filename == '.') {
- if (PG(safe_mode) && (!php_checkuid(filename, cm))) {
+ if (PG(safe_mode) && (!php_checkuid(filename, mode, 0))) {
return NULL;
}
if (php_check_open_basedir(filename)) return NULL;
@@ -425,7 +419,7 @@ PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **
} else {
strlcpy(trypath,filename,sizeof(trypath));
}
- if (!php_checkuid(trypath, cm)) {
+ if (!php_checkuid(trypath, mode, 0)) {
return NULL;
}
if (php_check_open_basedir(trypath)) return NULL;
@@ -446,7 +440,7 @@ PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **
}
}
if (!path || (path && !*path)) {
- if (PG(safe_mode) && (!php_checkuid(filename, cm))) {
+ if (PG(safe_mode) && (!php_checkuid(filename, mode, 0))) {
return NULL;
}
if (php_check_open_basedir(filename)) {
@@ -474,7 +468,7 @@ PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **
}
snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
if (PG(safe_mode)) {
- if (V_STAT(trypath, &sb) == 0 && (!php_checkuid(trypath, cm))) {
+ if (V_STAT(trypath, &sb) == 0 && (!php_checkuid(trypath, mode, 0))) {
efree(pathbuf);
return NULL;
}
@@ -1032,9 +1026,7 @@ static FILE *php_fopen_url_wrapper(const char *path, char *mode, int options, in
if (options & USE_PATH) {
fp = php_fopen_with_path((char *) path, mode, PG(include_path), opened_path);
} else {
- int cm=2;
- if(!strcmp(mode,"r") || !strcmp(mode,"r+")) cm=0;
- if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, cm))) {
+ if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!php_checkuid(path, mode, 0))) {
fp = NULL;
} else {
if (php_check_open_basedir((char *) path)) {
diff --git a/main/main.c b/main/main.c
index 82abc0c351..99f89c5f6f 100644
--- a/main/main.c
+++ b/main/main.c
@@ -493,11 +493,11 @@ static FILE *php_fopen_wrapper_for_zend(const char *filename, char **opened_path
FILE *retval;
old_chunk_size = php_sock_set_def_chunk_size(1);
- retval=php_fopen_wrapper((char *) filename, "r", USE_PATH|IGNORE_URL_WIN, &issock, &socketd, opened_path);
+ retval=php_fopen_wrapper((char *) filename, "rb", USE_PATH|IGNORE_URL_WIN, &issock, &socketd, opened_path);
php_sock_set_def_chunk_size(old_chunk_size);
if (issock) {
- retval = fdopen(socketd, "r");
+ retval = fdopen(socketd, "rb");
}
return retval;
}
diff --git a/main/safe_mode.c b/main/safe_mode.c
index e7bb879362..f545f4d4a8 100644
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -40,7 +40,7 @@
* 2 - if file does not exist, check directory
* 3 - only check directory (needed for mkdir)
*/
-PHPAPI int php_checkuid(const char *fn, int mode) {
+PHPAPI int php_checkuid(const char *fn, char *fopen_mode, int mode) {
struct stat sb;
int ret;
long uid=0L, duid=0L;
@@ -48,6 +48,14 @@ PHPAPI int php_checkuid(const char *fn, int mode) {
if (!fn) return(0); /* path must be provided */
+ if (fopen_mode) {
+ if (fopen_mode[0] == 'r') {
+ mode = 0;
+ } else {
+ mode = 2;
+ }
+ }
+
/*
* If given filepath is a URL, allow - safe mode stuff
* related to URL's is checked in individual functions
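Review bot: The new `fopen_mode` block silently replaces the caller's `mode` argument, but the comment above the function still documents only the numeric modes. It should state that a non-NULL fopen_mode overrides `mode`: a leading 'r' selects 0, anything else selects 2. The parameter is only read, so the signature in the previous hunk and the prototype in safe_mode.h could take `const char *fopen_mode`. Only the first character is examined, so "r+" is classified like a read-only open; that matches the removed call-site logic but deserves a line in the comment. The function body continues outside the hunk.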
diff --git a/main/safe_mode.h b/main/safe_mode.h
index 8fba1db8c5..c765a6e37d 100644
--- a/main/safe_mode.h
+++ b/main/safe_mode.h
@@ -1,7 +1,7 @@
#ifndef _SAFE_MODE_H_
#define _SAFE_MODE_H_
-extern PHPAPI int php_checkuid(const char *filename, int mode);
+extern PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode);
extern PHPAPI char *php_get_current_user(void);
#endif