iliaa Thu Nov 6 20:17:32 2003 EDT
Modified files:
/php-src/ext/ming ming.c
Log:
Added mandatory safe_mode & open_basedir checks.
Index: php-src/ext/ming/ming.c
diff -u php-src/ext/ming/ming.c:1.57 php-src/ext/ming/ming.c:1.58
--- php-src/ext/ming/ming.c:1.57 Thu Nov 6 11:50:39 2003
+++ php-src/ext/ming/ming.c Thu Nov 6 20:17:31 2003
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: ming.c,v 1.57 2003/11/06 16:50:39 fmk Exp $ */
+/* $Id: ming.c,v 1.58 2003/11/07 01:17:31 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -70,6 +70,11 @@
static SWFSound getSound(zval *id TSRMLS_DC);
static SWFSoundInstance getSoundInstance(zval *id TSRMLS_DC);
+#define PHP_MING_FILE_CHK(file) \
+ if ((PG(safe_mode) && !php_checkuid((file), NULL,
CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir((file) TSRMLS_CC)) { \
+ RETURN_FALSE; \
+ } \
+
/* {{{ proto void ming_setcubicthreshold (int threshold)
Set cubic threshold (?) */
PHP_FUNCTION(ming_setCubicThreshold)
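Review bot: `PHP_MING_FILE_CHK` expands to a bare `if (...) { RETURN_FALSE; }` block, so it hides an early return and breaks if it is ever used as the body of an `if` that has an `else`. Wrapping the body as `do { if (...) { RETURN_FALSE; } } while (0)` would make it behave like a single statement. The backslash after the closing brace should also go, since it continues the macro onto the following blank line. A short comment above the define, for example `/* Returns FALSE from the calling PHP function when safe_mode or open_basedir denies access to file. */`, would make the hidden return visible to anyone reading the call sites. The `file` argument is evaluated twice, which is harmless for the `Z_STRVAL_PP(...)` arguments used in this commit but worth noting in that comment.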
@@ -340,6 +345,7 @@
if (Z_TYPE_PP(zfile) != IS_RESOURCE) {
convert_to_string_ex(zfile);
+ PHP_MING_FILE_CHK(Z_STRVAL_PP(zfile));
input = newSWFInput_buffer(Z_STRVAL_PP(zfile), Z_STRLEN_PP(zfile));
zend_list_addref(zend_list_insert(input, le_swfinputp));
} else {
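Review bot: The string checked here is passed to `newSWFInput_buffer()` together with `Z_STRLEN_PP(zfile)` on the next line, which suggests it is the input data itself rather than a path, so a safe_mode/open_basedir check on it looks misplaced. If that reading is right, the check guards nothing on this branch, because no file is opened from the string. With open_basedir set it would probably also reject legitimate in-memory input, since arbitrary bytes will not resolve to an allowed path. The identical insertion in the hunk at -1743 has the same problem. It is worth confirming what callers pass in the non-resource case; if it is content, drop the check on both branches and keep the enforcement where a file is actually opened. The enclosing function starts and ends outside the hunk.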
@@ -1411,6 +1417,7 @@
font = loadSWFFontFromFile(file);
php_stream_close(stream);
} else {
+ PHP_MING_FILE_CHK(Z_STRVAL_PP(zfile));
font = (SWFFont)newSWFBrowserFont(Z_STRVAL_PP(zfile));
}
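Review bot: The value checked on this `else` branch goes to `newSWFBrowserFont()`, which appears to take a font name rather than a filesystem path; the file case is handled by the stream branch above. If so, `PHP_MING_FILE_CHK` makes the result depend on whether that name happens to resolve inside open_basedir relative to the current directory, which is not an access-control decision about any file being read. Either drop the check here or add a comment stating why a browser font name must pass path restrictions, e.g. `/* name is resolved as a path by <reason>; enforce open_basedir */`. How the stream in the first branch is opened is outside the hunk, so confirm that path enforces safe_mode/open_basedir, since it is the one that actually reads a file.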
@@ -1743,6 +1750,7 @@
if(Z_TYPE_PP(zfile) != IS_RESOURCE)
{
convert_to_string_ex(zfile);
+ PHP_MING_FILE_CHK(Z_STRVAL_PP(zfile));
input = newSWFInput_buffer(Z_STRVAL_PP(zfile), Z_STRLEN_PP(zfile));
zend_list_addref(zend_list_insert(input, le_swfinputp));
}
@@ -2357,6 +2365,7 @@
convert_to_string_ex(libswf);
convert_to_string_ex(name);
movie = getMovie(getThis() TSRMLS_CC);
+ PHP_MING_FILE_CHK(Z_STRVAL_PP(libswf));
res = SWFMovie_importFont(movie, Z_STRVAL_PP(libswf), Z_STRVAL_PP(name));
if(res != NULL)