iliaa Wed Oct 5 10:32:25 2005 EDT
Modified files:
/php-src/ext/curl interface.c
Log:
Missing safe_mode/open_basedir checks for file uploads.
http://cvs.php.net/diff.php/php-src/ext/curl/interface.c?r1=1.63&r2=1.64&ty=u
Index: php-src/ext/curl/interface.c
diff -u php-src/ext/curl/interface.c:1.63 php-src/ext/curl/interface.c:1.64
--- php-src/ext/curl/interface.c:1.63 Tue Aug 9 10:14:55 2005
+++ php-src/ext/curl/interface.c Wed Oct 5 10:32:19 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: interface.c,v 1.63 2005/08/09 14:14:55 iliaa Exp $ */
+/* $Id: interface.c,v 1.64 2005/10/05 14:32:19 iliaa Exp $ */
#define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
@@ -1152,10 +1152,15 @@
* must be explicitly cast to long in
curl_formadd
* use since curl needs a long not an
int. */
if (*postval == '@') {
+ ++postval;
+ /* safe_mode / open_basedir
check */
+ if
(php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) &&
!php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
error = curl_formadd(&first,
&last,
CURLFORM_COPYNAME, string_key,
CURLFORM_NAMELENGTH, (long)string_key_len - 1,
-
CURLFORM_FILE, ++postval,
+
CURLFORM_FILE, postval,
CURLFORM_END);
} else {
error = curl_formadd(&first,
&last,
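Review bot: The added `RETURN_FALSE;` exits while `first`/`last` may already hold form parts from earlier `curl_formadd` calls, and nothing in the hunk frees them; if this branch runs inside a loop over the post fields (the loop and the rest of the function are outside the hunk), a rejected path leaks the partially built form. Calling `curl_formfree(first);` immediately before `RETURN_FALSE;` would release it. The check is also made on the path string at option-setting time, while libcurl opens the file later, so it does not guarantee which file is finally read if the path can be re-pointed in between (for example via a symlink); a comment such as `/* check is advisory: file is opened later by libcurl */` would make that limit explicit. The mode string `"rb+"` implies read/write although an upload only reads; `"rb"` would state the intent more accurately, assuming php_checkuid treats both as read modes.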