felipe Mon Jul 21 19:32:21 2008 UTC
Modified files: (Branch: PHP_5_3)
/php-src/main safe_mode.c
Log:
- Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666.
(patch by Christian Hoffmann)
http://cvs.php.net/viewvc.cgi/php-src/main/safe_mode.c?r1=1.62.2.1.2.10.2.5&r2=1.62.2.1.2.10.2.6&diff_format=u
Index: php-src/main/safe_mode.c
diff -u php-src/main/safe_mode.c:1.62.2.1.2.10.2.5
php-src/main/safe_mode.c:1.62.2.1.2.10.2.6
--- php-src/main/safe_mode.c:1.62.2.1.2.10.2.5 Mon Dec 31 07:17:17 2007
+++ php-src/main/safe_mode.c Mon Jul 21 19:32:21 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: safe_mode.c,v 1.62.2.1.2.10.2.5 2007/12/31 07:17:17 sebastian Exp $ */
+/* $Id: safe_mode.c,v 1.62.2.1.2.10.2.6 2008/07/21 19:32:21 felipe Exp $ */
#include "php.h"
@@ -73,14 +73,6 @@
mode = CHECKUID_CHECK_FILE_AND_DIR;
}
}
-
- /*
- * If given filepath is a URL, allow - safe mode stuff
- * related to URL's is checked in individual functions
- */
- wrapper = php_stream_locate_url_wrapper(filename, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC);
- if (wrapper != NULL)
- return 1;
/* First we see if the file is owned by the same user...
* If that fails, passthrough and check directory...
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
