iliaa Wed Oct 4 23:20:02 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/standard dir.c /php-src NEWS Log: MFB: Fixed missing open_basedir check inside chdir() function.
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.109.2.18.2.2&r2=1.109.2.18.2.3&diff_format=u
Index: php-src/ext/standard/dir.c
diff -u php-src/ext/standard/dir.c:1.109.2.18.2.2 php-src/ext/standard/dir.c:1.109.2.18.2.3
--- php-src/ext/standard/dir.c:1.109.2.18.2.2 Sun Jan 1 13:46:57 2006
+++ php-src/ext/standard/dir.c Wed Oct 4 23:20:02 2006
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: dir.c,v 1.109.2.18.2.2 2006/01/01 13:46:57 sniper Exp $ */
+/* $Id: dir.c,v 1.109.2.18.2.3 2006/10/04 23:20:02 iliaa Exp $ */
 /* {{{ includes/startup/misc */
@@ -275,7 +275,7 @@
 RETURN_FALSE;
 }
- if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
+ if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
 RETURN_FALSE;
 }
 ret = VCWD_CHDIR(str);
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.165&r2=1.1247.2.920.2.166&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.165 php-src/NEWS:1.1247.2.920.2.166
--- php-src/NEWS:1.1247.2.920.2.165 Thu Sep 28 15:16:40 2006
+++ php-src/NEWS Wed Oct 4 23:20:02 2006
@@ -2,6 +2,7 @@
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2006, Version 4.4.5
 - Updated PCRE to version 6.7. (Ilia)
+- Fixed missing open_basedir check inside chdir() function. (Ilia)
 - Fixed bug #38963 (Fixed a possible open_basedir bypass in tempnam()). (Ilia)
 - Fixed bug #38859 (parse_url() fails if passing '@' in passwd). (Tony,Ilia)
 - Fixed bug #38534 (segfault when calling setlocale() in userspace session
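Review bot: In the `@@ -275,7 +275,7 @@` hunk of dir.c, the added `php_check_open_basedir(str TSRMLS_CC)` validates the path string, but `VCWD_CHDIR(str)` a few lines later resolves the same string again, so the check and the directory change are not atomic. If a path component can change between the two calls (a symlink, for instance), the restriction may not hold; whether it does depends on how both helpers resolve paths, which the hunk does not show. I would record that limit at the call site, e.g. `/* open_basedir is checked on the path string; the chdir below re-resolves it, so this is best-effort against concurrent path changes */`. Splitting the condition into two `if` statements, one for safe_mode and one for open_basedir, would also keep the two policies readable on their own. The enclosing function starts and ends outside the hunk.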