rasmus Tue, 29 Sep 2009 14:14:02 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=288945
Log:
Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
Changed paths:
U php/php-src/branches/PHP_5_2/NEWS
U php/php-src/branches/PHP_5_2/ext/standard/file.c
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/standard/file.c
Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS 2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_2/NEWS 2009-09-29 14:14:02 UTC (rev 288945)
@@ -1,6 +1,10 @@
PHP
NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 20??, PHP 5.2.12
+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
+ (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
+ Stachowiak. (Rasmus)
- Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
- Fixed bug #49647 (DOMUserData does not exist). (Rob)
- Fixed bug #49630 (imap_listscan function missing). (Felipe)
Modified: php/php-src/branches/PHP_5_2/ext/standard/file.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/standard/file.c 2009-09-29 14:03:49 UTC
(rev 288944)
+++ php/php-src/branches/PHP_5_2/ext/standard/file.c 2009-09-29 14:14:02 UTC
(rev 288945)
@@ -838,6 +838,10 @@
convert_to_string_ex(arg1);
convert_to_string_ex(arg2);
+ if (PG(safe_mode) &&(!php_checkuid(dir, NULL,
CHECKUID_ALLOW_ONLY_DIR))) {
+ RETURN_FALSE;
+ }
+
if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
RETURN_FALSE;
}
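Review bot: The added safe_mode check passes `dir` to php_checkuid(), but the context lines of this PHP_5_2 hunk take the directory from `arg1` (`convert_to_string_ex(arg1)` above and `php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)` below), and no `dir` variable is visible here. Unless `dir` is declared earlier in the function, which starts outside the hunk, this branch will not compile. Even if it does exist, the safe_mode and open_basedir checks should validate the same value. Reusing the neighbouring expression avoids both problems: `if (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR)) {`. The PHP_5_3 hunk uses `dir` in its own open_basedir check, so this concern applies only to the 5.2 branch.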
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_3/NEWS 2009-09-29 14:14:02 UTC (rev 288945)
@@ -8,6 +8,10 @@
- Implemented FR #49253 (added support for libcurl's CERTINFO option).
(Linus Nielsen Feltzing <[email protected]>)
+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
+ (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
+ Stachowiak. (Rasmus)
- Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
- Fixed bug #49647 (DOMUserData does not exist). (Rob)
- Fixed bug #49630 (imap_listscan function missing). (Felipe)
Modified: php/php-src/branches/PHP_5_3/ext/standard/file.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/file.c 2009-09-29 14:03:49 UTC
(rev 288944)
+++ php/php-src/branches/PHP_5_3/ext/standard/file.c 2009-09-29 14:14:02 UTC
(rev 288945)
@@ -846,6 +846,10 @@
return;
}
+ if (PG(safe_mode) &&(!php_checkuid(dir, NULL,
CHECKUID_ALLOW_ONLY_DIR))) {
+ RETURN_FALSE;
+ }
+
if (php_check_open_basedir(dir TSRMLS_CC)) {
RETURN_FALSE;
}
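Review bot: The new condition `PG(safe_mode) &&(!php_checkuid(...))` is missing a space after `&&` and has a redundant pair of parentheses, which makes a security gate harder to read than the open_basedir check right below it. I would write it as `if (PG(safe_mode) && !php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR)) {`. A one-line comment would also help, since the NULL mode argument and the choice of `CHECKUID_ALLOW_ONLY_DIR` are not self-explanatory: `/* safe_mode: dir must pass the owner check before a temp file is created in it */`. The check covers the caller-supplied `dir` only; the rest of the function is outside this hunk, so confirm that the file cannot end up in a different directory than the one checked here. A regression test that calls tempnam() under safe_mode on a directory that should be refused would pin the fix on both branches.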