iliaa Tue Jan 20 21:33:23 2004 EDT Modified files: (Branch: PHP_4_3) /php-src NEWS /php-src/ext/standard file.c Log: MFH: Fixed bug #26974 (rename() doesn't check the destination file against safe_mode/open_basedir). http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.535&r2=1.1247.2.536&ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.535 php-src/NEWS:1.1247.2.536 --- php-src/NEWS:1.1247.2.535 Mon Jan 19 20:11:39 2004 +++ php-src/NEWS Tue Jan 20 21:33:21 2004 @@ -1,6 +1,8 @@ PHP 4 NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? Jan 2004, Version 4.3.5 +- Fixed bug #26974 (rename() doesn't check the destination file against + safe_mode/open_basedir). (Ilia) - Fixed bug #26969 (--with-openssl=shared build fails). (Jani) - Fixed bug #26949 (rand(min,max) always returns min when ZTS enabled). (Jani) - Fixed bug #26937 (Warning in xml.c). (Jani) http://cvs.php.net/diff.php/php-src/ext/standard/file.c?r1=1.279.2.55&r2=1.279.2.56&ty=u Index: php-src/ext/standard/file.c diff -u php-src/ext/standard/file.c:1.279.2.55 php-src/ext/standard/file.c:1.279.2.56 --- php-src/ext/standard/file.c:1.279.2.55 Mon Jan 19 13:40:45 2004 +++ php-src/ext/standard/file.c Tue Jan 20 21:33:22 2004 @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: file.c,v 1.279.2.55 2004/01/19 18:40:45 iliaa Exp $ */ +/* $Id: file.c,v 1.279.2.56 2004/01/21 02:33:22 iliaa Exp $ */ /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */ 
@@ -1899,11 +1899,12 @@
 old_name = Z_STRVAL_PP(old_arg);
 new_name = Z_STRVAL_PP(new_arg);
- if (PG(safe_mode) &&(!php_checkuid(old_name, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ if (PG(safe_mode) && (!php_checkuid(old_name, NULL, CHECKUID_CHECK_FILE_AND_DIR) ||
+ !php_checkuid(new_name, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 RETURN_FALSE;
 }
- if (php_check_open_basedir(old_name TSRMLS_CC)) {
+ if (php_check_open_basedir(old_name TSRMLS_CC) || php_check_open_basedir(new_name TSRMLS_CC)) {
 RETURN_FALSE;
 }
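Review bot: The added `new_name` checks in both conditions validate a path that normally does not exist yet, so their result depends on how `php_checkuid(..., CHECKUID_CHECK_FILE_AND_DIR)` and `php_check_open_basedir()` treat a missing file (presumably by judging the parent directory), and nothing in the hunk says so. I would add a comment above the first `if`, e.g. `/* source and destination must both pass safe_mode/open_basedir; the destination usually does not exist yet, so it is judged by its directory */`, and a regression test that renames to a target outside open_basedir and expects FALSE. The checks are also name-based and the rename call itself lies outside the hunk, so a path component that changes between the check and the rename is not covered; that limitation deserves a mention in the same comment. The enclosing function starts and ends outside this hunk.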