tony2001 Tue Jan 31 10:57:52 2006 UTC
Modified files: (Branch: PHP_4_4)
/php-src NEWS
/php-src/ext/curl curl.c
Log:
fix #36223 (curl bypasses open_basedir restrictions)
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.1247.2.920.2.113&r2=1.1247.2.920.2.114&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.113 php-src/NEWS:1.1247.2.920.2.114
--- php-src/NEWS:1.1247.2.920.2.113 Thu Jan 26 15:47:31 2006
+++ php-src/NEWS Tue Jan 31 10:57:52 2006
@@ -2,6 +2,7 @@
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2006, Version 4.4.3
- Added a check for special characters in the session name. (Ilia)
+- Fixed bug #36223 (curl bypasses open_basedir restrictions). (Tony)
- Fixed bug #36148 (unpack("H*hex", $data) is adding an extra character to the
end of the string). (Ilia)
- Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony)
http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.8&r2=1.124.2.30.2.9&diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.8
php-src/ext/curl/curl.c:1.124.2.30.2.9
--- php-src/ext/curl/curl.c:1.124.2.30.2.8 Thu Jan 26 13:23:50 2006
+++ php-src/ext/curl/curl.c Tue Jan 31 10:57:52 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: curl.c,v 1.124.2.30.2.8 2006/01/26 13:23:50 mike Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.9 2006/01/31 10:57:52 tony2001 Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -159,7 +159,7 @@
#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)
\
if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&
\
- strncasecmp(str, "file://", sizeof("file://") - 1) == 0)
\
+ strncasecmp(str, "file:", sizeof("file:") - 1) == 0)
\
{
\
php_url *tmp_url;
\
\
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
