felipe Mon Jul 21 19:32:21 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/main safe_mode.c Log: - Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666. (patch by Christian Hoffmann) http://cvs.php.net/viewvc.cgi/php-src/main/safe_mode.c?r1=1.62.2.1.2.10.2.5&r2=1.62.2.1.2.10.2.6&diff_format=u Index: php-src/main/safe_mode.c diff -u php-src/main/safe_mode.c:1.62.2.1.2.10.2.5 php-src/main/safe_mode.c:1.62.2.1.2.10.2.6 --- php-src/main/safe_mode.c:1.62.2.1.2.10.2.5 Mon Dec 31 07:17:17 2007 +++ php-src/main/safe_mode.c Mon Jul 21 19:32:21 2008 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: safe_mode.c,v 1.62.2.1.2.10.2.5 2007/12/31 07:17:17 sebastian Exp $ */ +/* $Id: safe_mode.c,v 1.62.2.1.2.10.2.6 2008/07/21 19:32:21 felipe Exp $ */ #include "php.h" @@ -73,14 +73,6 @@ mode = CHECKUID_CHECK_FILE_AND_DIR; } } - - /* - * If given filepath is a URL, allow - safe mode stuff - * related to URL's is checked in individual functions - */ - wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC); - if (wrapper != NULL) - return 1; /* First we see if the file is owned by the same user... * If that fails, passthrough and check directory...
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php