pajoye Wed Mar 14 12:02:40 2007 UTC
Modified files:
/php-src/ext/zip php_zip.c
Log:
- add open_basedir checks in ::open and addFile()
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.41&r2=1.42&diff_format=u
Index: php-src/ext/zip/php_zip.c
diff -u php-src/ext/zip/php_zip.c:1.41 php-src/ext/zip/php_zip.c:1.42
--- php-src/ext/zip/php_zip.c:1.41 Wed Mar 14 11:37:35 2007
+++ php-src/ext/zip/php_zip.c Wed Mar 14 12:02:40 2007
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_zip.c,v 1.41 2007/03/14 11:37:35 pajoye Exp $ */
+/* $Id: php_zip.c,v 1.42 2007/03/14 12:02:40 pajoye Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -927,6 +927,10 @@
RETURN_FALSE;
}
+ if (OPENBASEDIR_CHECKPATH(filename)) {
+ RETURN_FALSE;
+ }
+
if(!expand_filepath(filename, resolved_path TSRMLS_CC)) {
RETURN_FALSE;
}
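Review bot: The new `OPENBASEDIR_CHECKPATH(filename)` guard tests the caller-supplied string, while the line after it derives `resolved_path`, which is presumably the path the archive is actually opened with (that code is outside the hunk). Checking the same string that is later used keeps the policy decision and the file access tied to one path, so consider moving the guard below `expand_filepath()` and writing it as `if (OPENBASEDIR_CHECKPATH(resolved_path)) { RETURN_FALSE; }`. If the macro already canonicalises its argument, a short comment such as `/* open_basedir is enforced on the raw name; the check resolves it internally */` would record why the order is safe. The same ordering appears in the addFile() hunk at -1067, and the enclosing function bodies start and end outside both hunks.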
@@ -1067,6 +1071,10 @@
}
}
+ if (OPENBASEDIR_CHECKPATH(filename)) {
+ RETURN_FALSE;
+ }
+
if(!expand_filepath(filename, resolved_path TSRMLS_CC)) {
if (Z_TYPE_PP(filename_zval) == IS_UNICODE) {
efree(entry_name);
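Review bot: The added early return in the addFile() hunk appears to leak `entry_name` when the filename came in as a Unicode zval. The `expand_filepath()` failure branch just below frees it under `Z_TYPE_PP(filename_zval) == IS_UNICODE`, but the new `RETURN_FALSE` path does no cleanup. A script that repeatedly passes disallowed paths would then leak on every rejected call. Mirror the existing cleanup inside the new guard by adding `if (Z_TYPE_PP(filename_zval) == IS_UNICODE) { efree(entry_name); }` before `RETURN_FALSE;`. The rest of that failure branch is cut off by the hunk, so anything else it releases should be released here as well.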
@@ -2103,7 +2111,7 @@
php_info_print_table_start();
php_info_print_table_row(2, "Zip", "enabled");
- php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v 1.41
2007/03/14 11:37:35 pajoye Exp $");
+ php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v 1.42
2007/03/14 12:02:40 pajoye Exp $");
php_info_print_table_row(2, "Zip version", "2.0.0");
php_info_print_table_row(2, "Libzip version", "0.7.1");