iliaa           Wed Oct  5 10:34:41 2005 EDT

  Modified files:              (Branch: PHP_4_4)
    /php-src/ext/curl   curl.c 
    /php-src    NEWS 
  Log:
  MFH: Missing safe_mode/open_basedir checks for file uploads.
  
  
http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30&r2=1.124.2.30.2.1&ty=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30 
php-src/ext/curl/curl.c:1.124.2.30.2.1
--- php-src/ext/curl/curl.c:1.124.2.30  Thu Jun  2 17:05:06 2005
+++ php-src/ext/curl/curl.c     Wed Oct  5 10:34:36 2005
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: curl.c,v 1.124.2.30 2005/06/02 21:05:06 tony2001 Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.1 2005/10/05 14:34:36 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -992,10 +992,15 @@
                                
                                        postval = Z_STRVAL_PP(current);
                                        if (*postval == '@') {
+                                               ++postval;
+                                               /* safe_mode / open_basedir 
check */
+                                               if 
(php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && 
!php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+                                                       RETURN_FALSE;
+                                               }
                                                error = curl_formadd(&first, 
&last, 
                                                                                
         CURLFORM_COPYNAME, string_key,
                                                                                
         CURLFORM_NAMELENGTH, (long)string_key_len - 1,
-                                                                               
         CURLFORM_FILE, ++postval, 
+                                                                               
         CURLFORM_FILE, postval, 
                                                                                
         CURLFORM_END);
                                        }
                                        else {
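Review bot: The added `RETURN_FALSE;` in the `'@'` branch exits while `first`/`last` may already hold parts from earlier `curl_formadd()` calls, so a rejected upload path looks like it leaks the partially built form. Adding `curl_formfree(first);` just before `RETURN_FALSE;` would release it. The enclosing loop and the point where `first` is attached to the handle are outside this hunk, so ownership should be confirmed there. Separately, the safe_mode/open_basedir check runs on the path name here, while libcurl, as far as I know, opens the file named by `CURLFORM_FILE` only when the request is performed. The file behind the path can therefore change between check and use, and a comment such as `/* path is validated here but opened later by libcurl; not race-free */` would record that limit.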
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.46&r2=1.1247.2.920.2.47&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.46 php-src/NEWS:1.1247.2.920.2.47
--- php-src/NEWS:1.1247.2.920.2.46      Tue Oct  4 20:50:13 2005
+++ php-src/NEWS        Wed Oct  5 10:34:38 2005
@@ -1,6 +1,7 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2005, Version 4.4.1
+- Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
 - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
 - Fixed possible crash and/or memory corruption in import_request_variables().
   (Ilia)
