hholzgra Wed May 28 05:44:27 2003 EDT Modified files: (Branch: PHP_4) /php4/ext/fdf fdf.c Log: MFH
Index: php4/ext/fdf/fdf.c
diff -u php4/ext/fdf/fdf.c:1.66.2.2.2.1 php4/ext/fdf/fdf.c:1.66.2.2.2.2
--- php4/ext/fdf/fdf.c:1.66.2.2.2.1 Fri May 9 05:47:13 2003
+++ php4/ext/fdf/fdf.c Wed May 28 05:44:27 2003
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+ */
-/* $Id: fdf.c,v 1.66.2.2.2.1 2003/05/09 09:47:13 hholzgra Exp $ */
+/* $Id: fdf.c,v 1.66.2.2.2.2 2003/05/28 09:44:27 hholzgra Exp $ */
 /* FdfTk lib 2.0 is a Complete C/C++ FDF Toolkit available from http://beta1.adobe.com/ada/acrosdk/forms.html. */
@@ -125,10 +125,17 @@
 fdf_post_handler };
+static void php_fdf_init_globals(zend_fdf_globals *fdf_globals)
+{
+ memset(fdf_globals, 0, sizeof(*fdf_globals));
+}
+
 /* {{{ PHP_MINIT_FUNCTION */ PHP_MINIT_FUNCTION(fdf) {
+ ZEND_INIT_MODULE_GLOBALS(fdf, php_fdf_init_globals, NULL);
+
 le_fdf = zend_register_list_destructors_ex(phpi_FDFClose, NULL, "fdf", module_number); /* add handler for Acrobat FDF form post requests */
@@ -177,8 +184,8 @@
 /* }}} */ /* {{{ RINIT */
-PHP_RINIT_FUNCTION(fdf) {
- FDF_G(error) = FDFErcOK;
+PHP_RINIT_FUNCTION(fdf)
+{
 return SUCCESS; } /* }}} */
@@ -224,6 +231,10 @@
 convert_to_string_ex(file);
+ if (php_check_open_basedir(Z_STRVAL_PP(file) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(file), "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
 err = FDFOpen(Z_STRVAL_PP(file), 0, &fdf); if(err != FDFErcOK || !fdf) {
@@ -511,6 +522,11 @@
 convert_to_string_ex(fieldname); convert_to_long_ex(face); convert_to_string_ex(filename);
+
+ if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
 convert_to_long_ex(pagenr); switch(Z_LVAL_PP(face)) {
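Review bot: With `FDF_G(error) = FDFErcOK;` dropped from PHP_RINIT_FUNCTION(fdf) in the -177 hunk, the stored error code is now cleared only once, by the memset in php_fdf_init_globals that the -125 hunk registers at module (or thread) start-up. A code left behind by one request therefore stays in the globals for the next request served by the same process or thread, unless a reset exists somewhere outside the lines shown. Anything that reports FDF_G(error) back to a script would then show a failure from another request. I would keep the per-request reset next to the new initialiser, `FDF_G(error) = FDFErcOK;` before `return SUCCESS;`, which also avoids depending on FDFErcOK being zero for the memset to mean "no error".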
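Review bot: The safe_mode half of the guard added before `FDFOpen(Z_STRVAL_PP(file), 0, &fdf)` passes `"wb+"` to php_checkuid although the path is about to be opened as an input, and the same literal is copied into the guards at -511, -562 and -884, where the file also appears to be read rather than written. php_checkuid is not on this page, but with CHECKUID_CHECK_MODE_PARAM the fopen-style mode is what selects the ownership rule (existing file versus containing directory), so a write mode on a read path evaluates a different case from the access that follows. I would pass `"rb"` at the read sites and keep `"wb+"` only in the -771 hunk in front of `FDFSave(fdf, filename)`. The enclosing functions start and end outside these hunks, so the read/write intent of each call should be confirmed against the full file.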
@@ -562,6 +578,10 @@
 ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf);
+ if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
 switch(face) { case 1: facenr = FDFNormalAP;
@@ -771,6 +791,9 @@
 ZEND_FETCH_RESOURCE(fdf, FDFDoc *, &r_fdf, -1, "fdf", le_fdf); if(filename) {
+ if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 err = FDFSave(fdf, filename); } else { FILE *fp;
@@ -884,6 +907,10 @@
 convert_to_string_ex(filename); convert_to_string_ex(template); convert_to_long_ex(rename);
+
+ if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(filename), "wb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 filespec.FS = NULL; filespec.F = Z_STRVAL_PP(filename);
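Review bot: The guard added inside `if(filename) {` in the -771 hunk validates the path string, and `FDFSave(fdf, filename)` then resolves the same string a second time, so the open_basedir/safe_mode decision is not bound to the file that is finally written if a path component changes between the two calls. FDFSave takes a name rather than an already-open descriptor, so this cannot be closed from within the hunk. It should at least be recorded for maintainers, for example `/* policy is checked on the path only; FDFSave() re-resolves it, so check and write are not atomic */` above the guard. The same holds for the other path checks in this commit, and the `else` branch of this function continues outside the hunk.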
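Review bot: The guard added before `filespec.FS = NULL;` is the fifth hand-written copy of the same two-part condition in this commit (also at -224, -511, -562 and -771), so the access policy of the extension now lives in five places that can drift apart. A later path-taking function could be added without it, or with a slightly different mode or flag, and nothing would flag the gap. I would move the condition into one file-local helper and reduce each call site to something like `if (php_fdf_check_path(Z_STRVAL_PP(filename), "wb+" TSRMLS_CC)) { RETURN_FALSE; }`; that helper name is only a suggestion and does not exist in the file. Whether other functions in fdf.c accept file names and still lack the check cannot be told from the hunks shown.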