iliaa Thu Oct 6 16:43:00 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/gd gd_ctx.c gd.c /php-src/ext/curl interface.c Log: MFH: Added missing safe_mode checks.
http://cvs.php.net/diff.php/php-src/ext/gd/gd_ctx.c?r1=1.20&r2=1.20.2.1&ty=u
Index: php-src/ext/gd/gd_ctx.c
diff -u php-src/ext/gd/gd_ctx.c:1.20 php-src/ext/gd/gd_ctx.c:1.20.2.1
--- php-src/ext/gd/gd_ctx.c:1.20 Wed Jan 28 11:25:12 2004
+++ php-src/ext/gd/gd_ctx.c Thu Oct 6 16:42:56 2005
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: gd_ctx.c,v 1.20 2004/01/28 16:25:12 martin Exp $ */
+/* $Id: gd_ctx.c,v 1.20.2.1 2005/10/06 20:42:56 iliaa Exp $ */
 #include "php_gd.h"
@@ -82,7 +82,7 @@
 }
 if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
 RETURN_FALSE;
 }
http://cvs.php.net/diff.php/php-src/ext/gd/gd.c?r1=1.294.2.12&r2=1.294.2.13&ty=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.294.2.12 php-src/ext/gd/gd.c:1.294.2.13
--- php-src/ext/gd/gd.c:1.294.2.12 Fri May 6 12:49:04 2005
+++ php-src/ext/gd/gd.c Thu Oct 6 16:42:56 2005
@@ -18,7 +18,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: gd.c,v 1.294.2.12 2005/05/06 16:49:04 tony2001 Exp $ */
+/* $Id: gd.c,v 1.294.2.13 2005/10/06 20:42:56 iliaa Exp $ */
 /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center, Cold Spring Harbor Labs. */
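Review bot: In the gd_ctx.c hunk at @@ -82, the new safe_mode clause passes the read-style mode string `"rb+"` to php_checkuid() for what looks like the image output filename (the call that opens the file is outside the hunk). If php_checkuid() derives its existence policy from that string rather than from the third argument, a target file that does not exist yet could be refused under safe_mode even when the directory owner matches, which would make `CHECKUID_CHECK_FILE_AND_DIR` ineffective. Confirm this against php_checkuid() and, if so, pass a mode that matches how the file is actually opened. The same call appears in the gd.c hunk at @@ -1726. Because the owner check runs on the path before the open, a comment such as `/* safe_mode: owner check applies to the path, not to the descriptor opened later */` would record that limit. The enclosing function starts and ends outside the hunk.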
@@ -1726,7 +1726,7 @@
 }
 if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
 RETURN_FALSE;
 }
http://cvs.php.net/diff.php/php-src/ext/curl/interface.c?r1=1.46.2.9&r2=1.46.2.10&ty=u
Index: php-src/ext/curl/interface.c
diff -u php-src/ext/curl/interface.c:1.46.2.9 php-src/ext/curl/interface.c:1.46.2.10
--- php-src/ext/curl/interface.c:1.46.2.9 Wed Oct 5 10:32:57 2005
+++ php-src/ext/curl/interface.c Thu Oct 6 16:42:59 2005
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: interface.c,v 1.46.2.9 2005/10/05 14:32:57 iliaa Exp $ */
+/* $Id: interface.c,v 1.46.2.10 2005/10/06 20:42:59 iliaa Exp $ */
 #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
@@ -62,7 +62,7 @@
 #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
 #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \
- if (PG(open_basedir) && *PG(open_basedir) && \
+ if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \
 strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \
 { \
 php_url *tmp_url; \
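Review bot: The four-clause filename guard in the gd.c hunk at @@ -1726 is now a verbatim copy of the one in gd_ctx.c at @@ -82, so the two access-control checks can drift apart the next time either is edited. One shared macro would keep open_basedir and safe_mode enforcement identical on both output paths, for example (suggested name) `#define PHP_GD_FILENAME_DENIED(fn) (!(fn) || (fn) == empty_string || php_check_open_basedir((fn) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid((fn), "rb+", CHECKUID_CHECK_FILE_AND_DIR)))`. gd_ctx.c includes `php_gd.h`; whether gd.c does is not visible here. The warning `Invalid filename '%s'` is also reused for a policy denial, so a safe_mode refusal cannot be told apart from a bad argument in the logs. The enclosing function starts and ends outside the hunk.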
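Review bot: In the interface.c hunk at @@ -62, the widened condition is still gated on a case-insensitive match of the literal prefix `file://`, so safe_mode enforcement for cURL now depends entirely on that string comparison. If libcurl accepts any local-file URL form that does not begin with exactly that prefix, such a URL would skip the macro body. Gating on the parsed URL scheme would be more robust, or the limit should at least be recorded with `/* only URLs that start with file:// are checked here; other forms are not covered */`. The macro is still named `PHP_CURL_CHECK_OPEN_BASEDIR` although it now also runs under safe_mode. The rest of its body is outside the hunk, so it cannot be confirmed from here that a uid check is performed when only safe_mode is set.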