pollita Thu Jan 9 16:57:45 2003 EDT
Modified files:
/php4/ext/standard filestat.c
/php4/main safe_mode.c safe_mode.h
Log:
Bug #21531 file_exists() and other filestat functions throw errors when in safe
mode and file/directory does not exist.
Extended php_checkuid function to add "flags" field via rename to php_checkuid_ex
with alias for BC in functions that do want safe mode errors thrown.
Index: php4/ext/standard/filestat.c
diff -u php4/ext/standard/filestat.c:1.117 php4/ext/standard/filestat.c:1.118
--- php4/ext/standard/filestat.c:1.117 Sat Jan 4 19:56:17 2003
+++ php4/ext/standard/filestat.c Thu Jan 9 16:57:44 2003
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: filestat.c,v 1.117 2003/01/05 00:56:17 derick Exp $ */
+/* $Id: filestat.c,v 1.118 2003/01/09 21:57:44 pollita Exp $ */
#include "php.h"
#include "safe_mode.h"
@@ -564,7 +564,7 @@
char *stat_sb_names[13]={"dev", "ino", "mode", "nlink", "uid", "gid", "rdev",
"size", "atime", "mtime", "ctime", "blksize", "blocks"};
- if (PG(safe_mode) &&(!php_checkuid(filename, NULL,
CHECKUID_CHECK_FILE_AND_DIR))) {
+ if (PG(safe_mode) &&(!php_checkuid_ex(filename, NULL,
+CHECKUID_CHECK_FILE_AND_DIR, IS_EXISTS_CHECK(type) ? CHECKUID_NO_ERRORS : 0))) {
RETURN_FALSE;
}
Index: php4/main/safe_mode.c
diff -u php4/main/safe_mode.c:1.52 php4/main/safe_mode.c:1.53
--- php4/main/safe_mode.c:1.52 Tue Dec 31 10:58:54 2002
+++ php4/main/safe_mode.c Thu Jan 9 16:57:45 2003
@@ -15,7 +15,7 @@
| Author: Rasmus Lerdorf <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: safe_mode.c,v 1.52 2002/12/31 15:58:54 sebastian Exp $ */
+/* $Id: safe_mode.c,v 1.53 2003/01/09 21:57:45 pollita Exp $ */
#include "php.h"
@@ -44,7 +44,7 @@
* 5 - only check file
*/
-PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
+PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, int
+flags)
{
struct stat sb;
int ret, nofile=0;
@@ -85,12 +85,16 @@
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to
access %s", filename);
+ if (flags & CHECKUID_NO_ERRORS == 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,
+"Unable to access %s", filename);
+ }
return 0;
} else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to
access %s", filename);
+ if (flags & CHECKUID_NO_ERRORS == 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,
+"Unable to access %s", filename);
+ }
return 1;
- }
+ }
nofile = 1;
} else {
uid = sb.st_uid;
@@ -129,7 +133,9 @@
/* check directory */
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access
%s", filename);
+ if (flags & CHECKUID_NO_ERRORS == 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to
+access %s", filename);
+ }
return 0;
}
duid = sb.st_uid;
@@ -162,15 +168,21 @@
gid = dgid;
filename = path;
}
-
- if (PG(safe_mode_gid)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in
effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by
uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid);
- } else {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in
effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld",
php_getuid(), filename, uid);
- }
+
+ if (flags & CHECKUID_NO_ERRORS == 0) {
+ if (PG(safe_mode_gid)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE
+Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access
+%s owned by uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid);
+ } else {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE
+Restriction in effect. The script whose uid is %ld is not allowed to access %s owned
+by uid %ld", php_getuid(), filename, uid);
+ }
+ }
+
return 0;
}
+PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) {
+ return php_checkuid_ex(filename, fopen_mode, mode, 0);
+}
PHPAPI char *php_get_current_user()
{
Index: php4/main/safe_mode.h
diff -u php4/main/safe_mode.h:1.7 php4/main/safe_mode.h:1.8
--- php4/main/safe_mode.h:1.7 Fri Jul 13 14:21:21 2001
+++ php4/main/safe_mode.h Thu Jan 9 16:57:45 2003
@@ -9,7 +9,11 @@
#define CHECKUID_CHECK_MODE_PARAM 4
#define CHECKUID_ALLOW_ONLY_FILE 5
+/* flags for php_checkuid_ex() */
+#define CHECKUID_NO_ERRORS 0x01
+
extern PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode);
+extern PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode,
+int flags);
extern PHPAPI char *php_get_current_user(void);
#endif
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
