iliaa Sun Oct 1 20:58:03 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/session session.c /php-src/ext/standard basic_functions.c /php-src NEWS Log: Fixed bug #38993 (Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters).
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.14&r2=1.417.2.8.2.15&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.14 php-src/ext/session/session.c:1.417.2.8.2.15
--- php-src/ext/session/session.c:1.417.2.8.2.14 Wed Aug 30 16:24:40 2006
+++ php-src/ext/session/session.c Sun Oct 1 20:58:02 2006
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: session.c,v 1.417.2.8.2.14 2006/08/30 16:24:40 tony2001 Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.15 2006/10/01 20:58:02 iliaa Exp $ */
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -154,11 +154,19 @@
 {
 /* Only do the safemode/open_basedir check at runtime */
 if (stage == PHP_INI_STAGE_RUNTIME) {
- if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ char *p;
+
+ if ((p = zend_memrchr(new_value, ';', new_value_length))) {
+ p++;
+ } else {
+ p = new_value;
+ }
+
+ if (PG(safe_mode) && (!php_checkuid(p, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
 return FAILURE;
 }
- if (php_check_open_basedir(new_value TSRMLS_CC)) {
+ if (php_check_open_basedir(p TSRMLS_CC)) {
 return FAILURE;
 }
 }
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.25&r2=1.725.2.31.2.26&diff_format=u
Index: php-src/ext/standard/basic_functions.c
diff -u php-src/ext/standard/basic_functions.c:1.725.2.31.2.25 php-src/ext/standard/basic_functions.c:1.725.2.31.2.26
--- php-src/ext/standard/basic_functions.c:1.725.2.31.2.25 Tue Sep 19 23:44:30 2006
+++ php-src/ext/standard/basic_functions.c Sun Oct 1 20:58:02 2006
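Review bot: In the session.c hunk at -154,11 +154,19, the safe_mode and open_basedir checks now run on whatever follows the last ';' in new_value, but nothing in this change ties that rule to the way the session save handler later splits the same string. If the handler takes the directory from a different position (for example after the first or second separator), a value carrying more ';' characters than the format allows would be validated on one path and opened on another, so the check and the handler should share one parser, or such values should be rejected here. A comment such as `/* save_path may be "N;/path" or "N;MODE;/path"; validate only the directory part, split exactly as the save handler does */` above the zend_memrchr() call would document the intent. Because the basic_functions.c hunk drops session.save_path from its path list, this handler appears to become the only place the value is checked, and it uses CHECKUID_ALLOW_ONLY_DIR rather than the CHECKUID_CHECK_FILE_AND_DIR used there. The enclosing function starts and ends outside the hunk.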
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: basic_functions.c,v 1.725.2.31.2.25 2006/09/19 23:44:30 iliaa Exp $ */
+/* $Id: basic_functions.c,v 1.725.2.31.2.26 2006/10/01 20:58:02 iliaa Exp $ */
 #include "php.h"
 #include "php_streams.h"
@@ -5622,7 +5622,6 @@
 _CHECK_PATH(varname, "java.class.path") ||
 _CHECK_PATH(varname, "java.home") ||
 _CHECK_PATH(varname, "java.library.path") ||
- _CHECK_PATH(varname, "session.save_path") ||
 _CHECK_PATH(varname, "vpopmail.directory")) {
 if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(new_value), NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 zval_dtor(return_value);
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.273&r2=1.2027.2.547.2.274&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.273 php-src/NEWS:1.2027.2.547.2.274
--- php-src/NEWS:1.2027.2.547.2.273 Thu Sep 28 17:10:14 2006
+++ php-src/NEWS Sun Oct 1 20:58:02 2006
@@ -6,6 +6,8 @@
 - Fixed mess with CGI/CLI -d option (now it works with cgi; constants are working exactly like in php.ini; with FastCGI -d affects all requests). (Dmitry)
+- Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
+ session.save_path, allowing them to account for extra parameters). (Ilia)
 - Fixed bug #38981 (using FTP URLs in get_headers() causes crash). (Tony)
 - Fixed bug #38961 (metaphone() results in segmentation fault on NetBSD). (Tony)