dmitry Fri Nov 23 10:02:53 2007 UTC
Modified files:
/php-src/ext/soap php_sdl.c
Log:
Fixed bug #42952 (soap cache file is created with insecure permissions)
http://cvs.php.net/viewvc.cgi/php-src/ext/soap/php_sdl.c?r1=1.109&r2=1.110&diff_format=u
Index: php-src/ext/soap/php_sdl.c
diff -u php-src/ext/soap/php_sdl.c:1.109 php-src/ext/soap/php_sdl.c:1.110
--- php-src/ext/soap/php_sdl.c:1.109 Mon May 21 13:14:02 2007
+++ php-src/ext/soap/php_sdl.c Fri Nov 23 10:02:53 2007
@@ -17,7 +17,7 @@
| Dmitry Stogov <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_sdl.c,v 1.109 2007/05/21 13:14:02 dmitry Exp $ */
+/* $Id: php_sdl.c,v 1.110 2007/11/23 10:02:53 dmitry Exp $ */
#include "php_soap.h"
#include "ext/libxml/php_libxml.h"
@@ -2015,7 +2015,7 @@
#ifdef ZEND_WIN32
f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
#else
- f =
open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE|S_IROTH|S_IWOTH|S_IRGRP|S_IWGRP);
+ f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
#endif
if (f < 0) {return;}
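Review bot: After this change both branches of the `#ifdef ZEND_WIN32` around the `open()` call pass the same flags and the same mode, so the conditional can be collapsed into the single line `f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);`. A short comment above it, for example `/* owner read/write only: the cache holds parsed WSDL that is later trusted on load */`, would record why the mode must not be widened again. The fix only affects newly created files; cache files written by earlier builds presumably keep their group/world-writable mode until they are removed, which is worth stating in the changelog. The enclosing function starts and ends outside this hunk.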
@@ -3117,16 +3117,24 @@
unsigned char digest[16];
int len = strlen(SOAP_GLOBAL(cache_dir));
time_t cached;
+ char *user = php_get_current_user();
+ int user_len = user ? strlen(user) + 1 : 0;
md5str[0] = '\0';
PHP_MD5Init(&context);
PHP_MD5Update(&context, (unsigned char*)uri, uri_len);
PHP_MD5Final(digest, &context);
make_digest(md5str, digest);
- key = emalloc(len+sizeof("/wsdl-")-1+sizeof(md5str));
+ key = emalloc(len+sizeof("/wsdl-")-1+user_len+sizeof(md5str));
memcpy(key,SOAP_GLOBAL(cache_dir),len);
memcpy(key+len,"/wsdl-",sizeof("/wsdl-")-1);
- memcpy(key+len+sizeof("/wsdl-")-1,md5str,sizeof(md5str));
+ len += sizeof("/wsdl-")-1;
+ if (user_len) {
+ memcpy(key+len, user, user_len-1);
+ len += user_len-1;
+ key[len++] = '-';
+ }
+ memcpy(key+len,md5str,sizeof(md5str));
if ((sdl = get_sdl_from_cache(key, uri,
t-SOAP_GLOBAL(cache_ttl), &cached TSRMLS_CC)) != NULL) {
t = cached;
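Review bot: The cache key built here is still fully predictable (`cache_dir` + `/wsdl-` + user name + `-` + MD5 of the URI), and the user name only separates caches; it does not show that the file found under that name was written by that user. If `cache_dir` is a shared, world-writable directory, the reader should probably confirm ownership before parsing. `get_sdl_from_cache` is not visible in this hunk, so check whether it compares the opened file's `st_uid` with the current uid and skips the cache otherwise. I would also document the layout and the assumption at the `emalloc` line, e.g. `/* key = <cache_dir>/wsdl-<user>-<md5(uri)>; user is copied verbatim and must not contain a path separator */`. The enclosing function begins and ends outside this hunk.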