[PHP-CVS] cvs: php-src /ext/session session.c

Sat, 21 May 2005 11:26:36 -0700 

rasmus          Sat May 21 13:37:58 2005 EDT

  Modified files:              
    /php-src/ext/session        session.c 
  Log:
  Fixed bug 33072 - safemode/open_basedir check for runtime save_path change
  
  
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.410&r2=1.411&ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.410 php-src/ext/session/session.c:1.411
--- php-src/ext/session/session.c:1.410 Fri May 20 06:27:49 2005
+++ php-src/ext/session/session.c       Sat May 21 13:37:56 2005
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: session.c,v 1.410 2005/05/20 10:27:49 tony2001 Exp $ */
+/* $Id: session.c,v 1.411 2005/05/21 17:37:56 rasmus Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -131,13 +131,26 @@
        return SUCCESS;
 }
 
+static PHP_INI_MH(OnUpdateSaveDir) {
+       /* Only do the safemode/open_basedir check at runtime */
+       if(stage == PHP_INI_STAGE_RUNTIME) {
+               if (PG(safe_mode) && (!php_checkuid(new_value, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+                       return FAILURE;
+               }
+
+               if (php_check_open_basedir(new_value TSRMLS_CC)) {
+                       return FAILURE;
+               }
+       }
+       OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, 
mh_arg3, stage TSRMLS_CC);
+}
 
 /* {{{ PHP_INI
  */
 PHP_INI_BEGIN()
        STD_PHP_INI_BOOLEAN("session.bug_compat_42",    "1",         
PHP_INI_ALL, OnUpdateBool,   bug_compat,         php_ps_globals,    ps_globals)
        STD_PHP_INI_BOOLEAN("session.bug_compat_warn",  "1",         
PHP_INI_ALL, OnUpdateBool,   bug_compat_warn,    php_ps_globals,    ps_globals)
-       STD_PHP_INI_ENTRY("session.save_path",          "",          
PHP_INI_ALL, OnUpdateString, save_path,          php_ps_globals,    ps_globals)
+       STD_PHP_INI_ENTRY("session.save_path",          "",          
PHP_INI_ALL, OnUpdateSaveDir,save_path,          php_ps_globals,    ps_globals)
        STD_PHP_INI_ENTRY("session.name",               "PHPSESSID", 
PHP_INI_ALL, OnUpdateString, session_name,       php_ps_globals,    ps_globals)
        PHP_INI_ENTRY("session.save_handler",           "files",     
PHP_INI_ALL, OnUpdateSaveHandler)
        STD_PHP_INI_BOOLEAN("session.auto_start",       "0",         
PHP_INI_ALL, OnUpdateBool,   auto_start,         php_ps_globals,    ps_globals)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to