[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session mod_files.c session.c

Thu, 02 Aug 2007 18:17:16 -0700 

stas            Fri Aug  3 01:16:41 2007 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src/ext/session        mod_files.c session.c 
  Log:
  correct fix for access control for save_path and .htaccess
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.100.2.3.2.6&r2=1.100.2.3.2.7&diff_format=u
Index: php-src/ext/session/mod_files.c
diff -u php-src/ext/session/mod_files.c:1.100.2.3.2.6 
php-src/ext/session/mod_files.c:1.100.2.3.2.7
--- php-src/ext/session/mod_files.c:1.100.2.3.2.6       Tue Jul 10 17:40:41 2007
+++ php-src/ext/session/mod_files.c     Fri Aug  3 01:16:40 2007
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: mod_files.c,v 1.100.2.3.2.6 2007/07/10 17:40:41 stas Exp $ */
+/* $Id: mod_files.c,v 1.100.2.3.2.7 2007/08/03 01:16:40 stas Exp $ */
 
 #include "php.h"
 
@@ -294,14 +294,6 @@
        }
        save_path = argv[argc - 1];
 
-       if (PG(safe_mode) && (!php_checkuid(save_path, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
-               return FAILURE;
-       }
-
-       if (PG(open_basedir) && php_check_open_basedir(save_path TSRMLS_CC)) {
-               return FAILURE;
-       }
-
        data = emalloc(sizeof(*data));
        memset(data, 0, sizeof(*data));
        
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.39&r2=1.417.2.8.2.40&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.39 
php-src/ext/session/session.c:1.417.2.8.2.40
--- php-src/ext/session/session.c:1.417.2.8.2.39        Sun Jul 29 14:43:30 2007
+++ php-src/ext/session/session.c       Fri Aug  3 01:16:40 2007
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.39 2007/07/29 14:43:30 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.40 2007/08/03 01:16:40 stas Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -151,7 +151,7 @@
 static PHP_INI_MH(OnUpdateSaveDir)
 {
        /* Only do the safemode/open_basedir check at runtime */
-       if (stage == PHP_INI_STAGE_RUNTIME) {
+       if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) {
                char *p;
 
                if (memchr(new_value, '\0', new_value_length) != NULL) {
@@ -168,7 +168,7 @@
                        return FAILURE;
                }
 
-               if (php_check_open_basedir(p TSRMLS_CC)) {
+               if (PG(open_basedir) && php_check_open_basedir(p TSRMLS_CC)) {
                        return FAILURE;
                }
        }

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to