pajoye Thu Apr 30 15:25:37 2009 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/standard exec.c Log: - MFB: #45997, safe_mode bypass with exec/sytem/passthru (windows only) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/exec.c?r1=1.113.2.3.2.1.2.16&r2=1.113.2.3.2.1.2.17&diff_format=u
Index: php-src/ext/standard/exec.c
diff -u php-src/ext/standard/exec.c:1.113.2.3.2.1.2.16 php-src/ext/standard/exec.c:1.113.2.3.2.1.2.17
--- php-src/ext/standard/exec.c:1.113.2.3.2.1.2.16 Sun Apr 19 14:59:52 2009
+++ php-src/ext/standard/exec.c Thu Apr 30 15:25:37 2009
@@ -16,7 +16,7 @@
 | Ilia Alshanetsky <il...@php.net> |
 +----------------------------------------------------------------------+
 */
-/* $Id: exec.c,v 1.113.2.3.2.1.2.16 2009/04/19 14:59:52 iliaa Exp $ */
+/* $Id: exec.c,v 1.113.2.3.2.1.2.17 2009/04/30 15:25:37 pajoye Exp $ */
 #include <stdio.h>
 #include "php.h"
@@ -79,7 +79,16 @@
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' components allowed in path");
 goto err;
 }
+
 b = strrchr(cmd, PHP_DIR_SEPARATOR);
+
+#ifdef PHP_WIN32
+ if (b && *b == '\\' && b == cmd) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid absolute path.");
+ goto err;
+ }
+#endif
+
 spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : cmd), (c ? " " : ""), (c ? c : ""));
 if (c) {
 *(c - 1) = ' ';
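Review bot: The new PHP_WIN32 guard in the second hunk rejects only a command whose single backslash is its first character (`b == cmd`), so it covers one input shape rather than the underlying condition. `b` comes from `strrchr(cmd, PHP_DIR_SEPARATOR)`, and if `PHP_DIR_SEPARATOR` is `'\\'` on Windows (its definition is not shown here) a leading forward slash is never examined, although Windows also accepts `/` as a separator; the `*b == '\\'` test would then be redundant as well. Consider testing the first character directly, `if (cmd[0] == '\\' || cmd[0] == '/') {`, and checking that `PG(safe_mode_exec_dir)` is non-empty before the `spprintf`, since an empty prefix leaves the command name as the whole path. A one-line comment such as `/* #45997: reject a root-relative command, it must resolve under safe_mode_exec_dir */` would record why the check exists. The enclosing function starts and ends outside the hunk.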