iliaa           Sun May 27 17:33:39 2007 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src    NEWS 
    /php-src/ext/standard       file.c 
  Log:
  Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()). 
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.739&r2=1.2027.2.547.2.740&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.739 php-src/NEWS:1.2027.2.547.2.740
--- php-src/NEWS:1.2027.2.547.2.739     Sun May 27 17:05:50 2007
+++ php-src/NEWS        Sun May 27 17:33:39 2007
@@ -2,6 +2,7 @@
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Jun 2007, PHP 5.2.3
 - Fixed bug #41511 (Compile failure under IRIX 6.5.30 building md5.c). (Jani)
+- Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()). (Ilia)
 - Fixed bug #41504 (json_decode() incorrectly decodes JSON arrays with empty
   string keys). (Ilia)
 - Fixed bug #41236 (Regression in timeout handling of non-blocking SSL
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/file.c?r1=1.409.2.6.2.19&r2=1.409.2.6.2.20&diff_format=u
Index: php-src/ext/standard/file.c
diff -u php-src/ext/standard/file.c:1.409.2.6.2.19 
php-src/ext/standard/file.c:1.409.2.6.2.20
--- php-src/ext/standard/file.c:1.409.2.6.2.19  Fri May 18 20:34:13 2007
+++ php-src/ext/standard/file.c Sun May 27 17:33:39 2007
@@ -21,7 +21,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: file.c,v 1.409.2.6.2.19 2007/05/18 20:34:13 tony2001 Exp $ */
+/* $Id: file.c,v 1.409.2.6.2.20 2007/05/27 17:33:39 iliaa Exp $ */
 
 /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */
 
@@ -2371,6 +2371,14 @@
        convert_to_string_ex(path);
 
        if (VCWD_REALPATH(Z_STRVAL_PP(path), resolved_path_buff)) {
+               if (PG(safe_mode) && (!php_checkuid(resolved_path_buff, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
+                       RETURN_FALSE;
+               }
+
+               if (php_check_open_basedir(resolved_path_buff TSRMLS_CC)) {
+                       RETURN_FALSE;
+               }
+
 #ifdef ZTS
                if (VCWD_ACCESS(resolved_path_buff, F_OK)) {
                        RETURN_FALSE;
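Review bot: The two checks added at the top of the `VCWD_REALPATH` success branch carry no comment saying why they test `resolved_path_buff` rather than the caller's string, and that choice is the substance of the fix: the policy has to be applied to the path after symlinks and `..` segments are resolved. A one-line comment would stop a later cleanup from moving the checks back onto the raw argument, for example `/* check the resolved path: the input may point outside open_basedir via symlinks or ".." */`. It is also worth confirming whether `php_checkuid()` and `php_check_open_basedir()` raise a warning on failure at this call site. If they do, a denied path that resolves may still be distinguishable from one that does not, and the resolved path may appear in the message. The enclosing function starts and ends outside this hunk, so the failure branch of `VCWD_REALPATH` cannot be compared from here.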
