iliaa Thu Oct 6 16:37:25 2005 EDT
Modified files:
/php-src/ext/gd gd_ctx.c gd.c
/php-src/ext/curl interface.c
Log:
Added missing safe_mode checks.
http://cvs.php.net/diff.php/php-src/ext/gd/gd_ctx.c?r1=1.22&r2=1.23&ty=u
Index: php-src/ext/gd/gd_ctx.c
diff -u php-src/ext/gd/gd_ctx.c:1.22 php-src/ext/gd/gd_ctx.c:1.23
--- php-src/ext/gd/gd_ctx.c:1.22 Wed Aug 3 10:07:13 2005
+++ php-src/ext/gd/gd_ctx.c Thu Oct 6 16:37:22 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: gd_ctx.c,v 1.22 2005/08/03 14:07:13 sniper Exp $ */
+/* $Id: gd_ctx.c,v 1.23 2005/10/06 20:37:22 iliaa Exp $ */
#include "php_gd.h"
@@ -82,7 +82,7 @@
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
+ if (!fn || php_check_open_basedir(fn TSRMLS_CC) ||
(PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid
filename '%s'", fn);
RETURN_FALSE;
}
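Review bot: The mode string `"rb+"` passed to `php_checkuid()` in the added condition describes opening an existing file. As far as I recall, `php_checkuid()` lets a non-NULL mode string override the flag argument, so a leading `r` would replace `CHECKUID_CHECK_FILE_AND_DIR` with the stricter file-must-exist check. If this branch goes on to create the output file, safe_mode would then refuse to write a new image into a directory the script owns; the enclosing function starts and ends outside the hunk, so that is not visible here. Passing no mode keeps the requested flag: `(PG(safe_mode) && !php_checkuid(fn, NULL, CHECKUID_CHECK_FILE_AND_DIR))`. The same call is added in the gd.c hunk at -1709.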
http://cvs.php.net/diff.php/php-src/ext/gd/gd.c?r1=1.314&r2=1.315&ty=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.314 php-src/ext/gd/gd.c:1.315
--- php-src/ext/gd/gd.c:1.314 Sun Oct 2 14:06:12 2005
+++ php-src/ext/gd/gd.c Thu Oct 6 16:37:22 2005
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: gd.c,v 1.314 2005/10/02 18:06:12 pajoye Exp $ */
+/* $Id: gd.c,v 1.315 2005/10/06 20:37:22 iliaa Exp $ */
/* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
Cold Spring Harbor Labs. */
@@ -1709,7 +1709,7 @@
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || php_check_open_basedir(fn TSRMLS_CC)) {
+ if (!fn || php_check_open_basedir(fn TSRMLS_CC) ||
(PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid
filename '%s'", fn);
RETURN_FALSE;
}
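Review bot: This condition is a verbatim copy of the one added in gd_ctx.c, so the two filename gates can drift apart the next time one of them is tightened. A single macro or static helper in a shared header (for instance a hypothetical `PHP_GD_CHECK_FILENAME(fn)`) would keep the open_basedir and safe_mode enforcement in one place. A comment such as `/* reject paths outside open_basedir or, under safe_mode, failing the uid check */` would also help, since the "Invalid filename" warning does not say which policy rejected the path. The enclosing function is outside the hunk.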
http://cvs.php.net/diff.php/php-src/ext/curl/interface.c?r1=1.64&r2=1.65&ty=u
Index: php-src/ext/curl/interface.c
diff -u php-src/ext/curl/interface.c:1.64 php-src/ext/curl/interface.c:1.65
--- php-src/ext/curl/interface.c:1.64 Wed Oct 5 10:32:19 2005
+++ php-src/ext/curl/interface.c Thu Oct 6 16:37:25 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: interface.c,v 1.64 2005/10/05 14:32:19 iliaa Exp $ */
+/* $Id: interface.c,v 1.65 2005/10/06 20:37:25 iliaa Exp $ */
#define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
@@ -65,7 +65,7 @@
#define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)
\
- if (PG(open_basedir) && *PG(open_basedir) &&
\
+ if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&
\
strncasecmp(str, "file://", sizeof("file://") - 1) == 0)
\
{
\
php_url *tmp_url;
\
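Review bot: The widened condition makes the macro run under safe_mode alone, but the part of the body that performs the check lies outside the hunk, so it is not visible whether it calls `php_checkuid()` as well as `php_check_open_basedir()`. If it only calls the latter, a safe_mode-only configuration would parse the URL and then accept it, because no base directory is set to compare against. Please confirm the body has a `php_checkuid()` call on the parsed path guarded by `PG(safe_mode)`. The name `PHP_CURL_CHECK_OPEN_BASEDIR` no longer describes everything the macro gates, so a comment above it such as `/* file:// URLs only: enforce open_basedir and, when enabled, safe_mode */` would keep callers from assuming it is a no-op without open_basedir.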