iliaa Thu Jun 19 18:18:58 2003 EDT Modified files: (Branch: PHP_4_3) /php4/ext/curl curl.c Log: Added missing safe_mode checks
Index: php4/ext/curl/curl.c
diff -u php4/ext/curl/curl.c:1.124.2.11 php4/ext/curl/curl.c:1.124.2.12
--- php4/ext/curl/curl.c:1.124.2.11 Thu Jun 12 08:28:30 2003
+++ php4/ext/curl/curl.c Thu Jun 19 18:18:58 2003
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: curl.c,v 1.124.2.11 2003/06/12 12:28:30 andrey Exp $ */
+/* $Id: curl.c,v 1.124.2.12 2003/06/19 22:18:58 iliaa Exp $ */
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -729,20 +729,16 @@
 case CURLOPT_USERAGENT:
 case CURLOPT_FTPPORT:
 case CURLOPT_COOKIE:
- case CURLOPT_COOKIEFILE:
 case CURLOPT_REFERER:
 case CURLOPT_INTERFACE:
 case CURLOPT_KRB4LEVEL:
- case CURLOPT_RANDOM_FILE:
 case CURLOPT_EGDSOCKET:
 case CURLOPT_CAINFO:
 case CURLOPT_CAPATH:
- case CURLOPT_COOKIEJAR:
 case CURLOPT_SSL_CIPHER_LIST:
 case CURLOPT_SSLKEY:
- case CURLOPT_SSLCERT:
 case CURLOPT_SSLKEYTYPE:
- case CURLOPT_SSLKEYPASSWD:
+ case CURLOPT_SSLKEYPASSWD:
 case CURLOPT_SSLENGINE:
 #ifdef CURLOPT_ENCODING
 case CURLOPT_ENCODING:
@@ -953,6 +949,28 @@
 zend_llist_add_element(&ch->to_free.slist, &slist);
 error = curl_easy_setopt(ch->cp, option, slist);
+
+ break;
+ }
+ /* the following options deal with files, therefor safe_mode & open_basedir checks
+ * are required.
+ */
+ case CURLOPT_COOKIEJAR:
+ case CURLOPT_SSLCERT:
+ case CURLOPT_RANDOM_FILE:
+ case CURLOPT_COOKIEFILE: {
+ char *copystr = NULL;
+
+ convert_to_string_ex(zvalue);
+
+ if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
+ copystr = estrndup(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+
+ error = curl_easy_setopt(ch->cp, option, copystr);
+ zend_llist_add_element(&ch->to_free.str, ©str);
 break;
 }
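Review bot: The new checked group covers only CURLOPT_COOKIEJAR, CURLOPT_SSLCERT, CURLOPT_RANDOM_FILE and CURLOPT_COOKIEFILE, while the second hunk keeps `case CURLOPT_SSLKEY:`, `case CURLOPT_CAINFO:`, `case CURLOPT_CAPATH:` and `case CURLOPT_EGDSOCKET:` in what appears to be the plain string group, so those path-valued options would still reach curl_easy_setopt() without the open_basedir/safe_mode test. They look like they belong in the new group; CAPATH names a directory, so confirm php_checkuid accepts it with this mode. The same `"rb+"` mode is passed for all four options although COOKIEJAR is a file libcurl writes and may create, so it is worth verifying that php_checkuid does not refuse a not-yet-existing jar under safe_mode. The check runs when the option is set and libcurl opens the path later, so a comment such as `/* checked at setopt time only; the path can change before the transfer runs */` would record that limit. The enclosing switch starts and ends outside the hunk.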