[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/session session.c

Mon, 04 Dec 2006 07:20:12 -0800 

iliaa           Mon Dec  4 15:19:27 2006 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src/ext/session        session.c 
    /php-src    NEWS 
  Log:
  Fixed bug #37627 (session save_path check checks the parent directory).
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.18&r2=1.417.2.8.2.19&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.18 
php-src/ext/session/session.c:1.417.2.8.2.19
--- php-src/ext/session/session.c:1.417.2.8.2.18        Fri Dec  1 00:27:20 2006
+++ php-src/ext/session/session.c       Mon Dec  4 15:19:26 2006
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.18 2006/12/01 00:27:20 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.19 2006/12/04 15:19:26 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -163,7 +163,7 @@
                        p = new_value;
                }
 
-               if (PG(safe_mode) && (!php_checkuid(p, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+               if (PG(safe_mode) && (!php_checkuid(p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
                        return FAILURE;
                }
 
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.397&r2=1.2027.2.547.2.398&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.397 php-src/NEWS:1.2027.2.547.2.398
--- php-src/NEWS:1.2027.2.547.2.397     Mon Dec  4 03:07:44 2006
+++ php-src/NEWS        Mon Dec  4 15:19:26 2006
@@ -137,6 +137,8 @@
   mode). (Ilia)
 - Fixed bug #37773 (iconv_substr() gives "Unknown error" when string length = 
1").
   (Ilia)
+- Fixed bug #37627 (session save_path check checks the parent directory).
+  (Ilia)
 - Fixed bug #36975 (natcasesort() causes array_pop() to misbehave). (Hannes)
 - Fixed bug #36812 (pg_execute() modifies input array). (Ilia)
 - Fixed bug #36644 (possible crash in variant_date_from_timestamp()). (Ilia)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to