[PHP-CVS] cvs: php-src(PHP_5_1) / NEWS /ext/standard filestat.c

[Antony Dovgal]

tony2001                Tue Apr 25 08:41:02 2006 UTC

  Modified files:              (Branch: PHP_5_1)
    /php-src/ext/standard       filestat.c 
    /php-src    NEWS 
  Log:
  fix #37191 (chmod takes off sticky bit when safe_mode is On)
  
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/filestat.c?r1=1.136.2.7&r2=1.136.2.8&diff_format=u
Index: php-src/ext/standard/filestat.c
diff -u php-src/ext/standard/filestat.c:1.136.2.7 
php-src/ext/standard/filestat.c:1.136.2.8
--- php-src/ext/standard/filestat.c:1.136.2.7   Mon Apr 10 11:56:18 2006
+++ php-src/ext/standard/filestat.c     Tue Apr 25 08:41:02 2006
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: filestat.c,v 1.136.2.7 2006/04/10 11:56:18 sniper Exp $ */
+/* $Id: filestat.c,v 1.136.2.8 2006/04/25 08:41:02 tony2001 Exp $ */
 
 #include "php.h"
 #include "safe_mode.h"
@@ -504,8 +504,23 @@
           Setuiding files could allow users to gain privileges
           that safe mode doesn't give them.
        */
-       if(PG(safe_mode))
-               imode &= 0777;
+
+       if(PG(safe_mode)) {
+               php_stream_statbuf ssb;
+               if (php_stream_stat_path_ex(Z_STRVAL_PP(filename), 0, &ssb, 
NULL)) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "stat 
failed for %s", Z_STRVAL_PP(filename));
+                       RETURN_FALSE;
+               }
+               if ((imode & 04000) != 0 && (ssb.sb.st_mode & 04000) == 0) {
+                       imode ^= 04000;
+               }
+               if ((imode & 02000) != 0 && (ssb.sb.st_mode & 02000) == 0) {
+                       imode ^= 02000;
+               }
+               if ((imode & 01000) != 0 && (ssb.sb.st_mode & 01000) == 0) {
+                       imode ^= 01000;
+               }
+       }
 
        ret = VCWD_CHMOD(Z_STRVAL_PP(filename), imode);
        if (ret == -1) {
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.2027.2.529&r2=1.2027.2.530&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.529 php-src/NEWS:1.2027.2.530
--- php-src/NEWS:1.2027.2.529   Tue Apr 25 08:34:25 2006
+++ php-src/NEWS        Tue Apr 25 08:41:02 2006
@@ -1,7 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Apr 2006, PHP 5.1.3RC4
-- Fixed bug #37192 (cc fails on hash_adler.c:32). Mike
+- Fixed bug #37192 (cc fails on hash_adler.c:32). (Mike)
+- Fixed bug #37191 (chmod takes off sticky bit when safe_mode is On). (Tony)
 
 20 Apr 2006, PHP 5.1.3RC3
 - Fixed reading stream filters never notified about EOF. (Mike)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php