[PHP-CVS] cvs: php4(PHP_4_3) /ext/curl curl.c

[Ilia Alshanetsky]

iliaa           Thu Jun 19 18:18:58 2003 EDT

  Modified files:              (Branch: PHP_4_3)
    /php4/ext/curl      curl.c 
  Log:
  Added missing safe_mode checks
  
  
Index: php4/ext/curl/curl.c
diff -u php4/ext/curl/curl.c:1.124.2.11 php4/ext/curl/curl.c:1.124.2.12
--- php4/ext/curl/curl.c:1.124.2.11     Thu Jun 12 08:28:30 2003
+++ php4/ext/curl/curl.c        Thu Jun 19 18:18:58 2003
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: curl.c,v 1.124.2.11 2003/06/12 12:28:30 andrey Exp $ */
+/* $Id: curl.c,v 1.124.2.12 2003/06/19 22:18:58 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -729,20 +729,16 @@
                case CURLOPT_USERAGENT:
                case CURLOPT_FTPPORT:
                case CURLOPT_COOKIE:
-               case CURLOPT_COOKIEFILE:
                case CURLOPT_REFERER:
                case CURLOPT_INTERFACE:
                case CURLOPT_KRB4LEVEL: 
-               case CURLOPT_RANDOM_FILE:
                case CURLOPT_EGDSOCKET:
                case CURLOPT_CAINFO: 
                case CURLOPT_CAPATH:
-               case CURLOPT_COOKIEJAR:
                case CURLOPT_SSL_CIPHER_LIST: 
                case CURLOPT_SSLKEY:
-               case CURLOPT_SSLCERT:
                case CURLOPT_SSLKEYTYPE: 
-               case CURLOPT_SSLKEYPASSWD: 
+               case CURLOPT_SSLKEYPASSWD:
                case CURLOPT_SSLENGINE: 
 #ifdef CURLOPT_ENCODING
                case CURLOPT_ENCODING: 
@@ -953,6 +949,28 @@
                        zend_llist_add_element(&ch->to_free.slist, &slist);
 
                        error = curl_easy_setopt(ch->cp, option, slist);
+
+                       break;
+               }
+               /* the following options deal with files, therefor safe_mode & 
open_basedir checks
+                * are required.
+                */
+               case CURLOPT_COOKIEJAR:
+               case CURLOPT_SSLCERT:
+               case CURLOPT_RANDOM_FILE:
+               case CURLOPT_COOKIEFILE: {
+                       char *copystr = NULL;
+
+                       convert_to_string_ex(zvalue);
+
+                       if (php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC) || 
(PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(zvalue), "rb+", 
CHECKUID_CHECK_MODE_PARAM))) {
+                               RETURN_FALSE;                   
+                       }
+
+                       copystr = estrndup(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+
+                       error = curl_easy_setopt(ch->cp, option, copystr);
+                       zend_llist_add_element(&ch->to_free.str, &copystr);
 
                        break;
                }



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php