-rw-r--r-- | ext/fdf/fdf.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/fdf/fdf.c b/ext/fdf/fdf.c index b9d93a7dcb..e3568b199a 100644 --- a/ext/fdf/fdf.c +++ b/ext/fdf/fdf.c @@ -725,6 +725,10 @@ PHP_FUNCTION(fdf_set_file) return; } + if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf); err = FDFSetFile(fdf, filename); @@ -1485,6 +1489,10 @@ PHP_FUNCTION(fdf_get_attachment) { ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf); + if (php_check_open_basedir(savepath TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(savepath, "wb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } + strncpy(pathbuf , savepath, MAXPATHLEN-1); pathbuf[MAXPATHLEN-1] = '\0'; |
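Review bot: The `"wb+"` mode passed to `php_checkuid` in fdf_set_file declares a create-or-truncate open, yet the only use of `filename` visible in this hunk is `FDFSetFile(fdf, filename)`. If that call only records the name inside the FDF document rather than opening it locally (not verifiable from here), the write-mode check is stricter than needed and would reject values that are not local paths. The intent should be stated next to the check, for example `/* filename is only referenced by the FDF; checked so a script cannot point the form at paths outside open_basedir */`, after confirming it against the FDF toolkit documentation. The check also sits before `ZEND_FETCH_RESOURCE` here but after it in fdf_get_attachment, so an invalid resource handle is reported differently by the two functions; use one order in both. The function body starts and ends outside the hunk.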
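Review bot: In fdf_get_attachment the new check validates `savepath`, but the following context lines copy at most `MAXPATHLEN-1` bytes into `pathbuf`, so for an over-long argument the validated path is not the path used afterwards. Either reject such input up front with `if (strlen(savepath) >= MAXPATHLEN) { RETURN_FALSE; }`, or move the check below the copy and pass `pathbuf` to `php_check_open_basedir` and `php_checkuid`. The rest of the function is outside this hunk. If `pathbuf` is extended later, for instance with a file name taken from the FDF data when `savepath` is a directory, the final path would need the same check before anything is written.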