iliaa                                    Thu, 11 Feb 2010 12:32:21 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=294882

Log:
Fixed safe_mode validation inside tempnam() when the directory path does not 
end with a /.

Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/standard/file.c
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/standard/file.c

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2010-02-11 11:18:34 UTC (rev 294881)
+++ php/php-src/branches/PHP_5_2/NEWS   2010-02-11 12:32:21 UTC (rev 294882)
@@ -1,7 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? Feb 2010, PHP 5.2.13
+11 Feb 2010, PHP 5.2.13RC2
 - Downgrade bundled PCRE to version 7.9. (Ilia)
+- Fixed safe_mode validation inside tempnam() when the directory path does
+  not end with a /). (Martin Jansen)
 - Fixed a possible open_basedir/safe_mode bypass in session extension
   identified by Grzegorz Stachowiak. (Ilia)
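
Review bot: The header edit at the top of this hunk, from "?? Feb 2010, PHP 5.2.13" to "11 Feb 2010, PHP 5.2.13RC2", is a release-tagging change that the log message does not mention. It would be cleaner as its own commit, or at least named in the log, so that the tempnam() entry can be merged or reverted without also moving the release header.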


Modified: php/php-src/branches/PHP_5_2/ext/standard/file.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/standard/file.c    2010-02-11 11:18:34 UTC 
(rev 294881)
+++ php/php-src/branches/PHP_5_2/ext/standard/file.c    2010-02-11 12:32:21 UTC 
(rev 294882)
@@ -828,7 +828,7 @@
        convert_to_string_ex(arg1);
        convert_to_string_ex(arg2);

-       if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+       if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
                RETURN_FALSE;
        }
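
Review bot: The php_checkuid() call changes mode from CHECKUID_ALLOW_ONLY_DIR to CHECKUID_CHECK_FILE_AND_DIR with no comment, and the two constant names alone do not tell a reader why a directory argument needs the file-and-dir mode. A one-line comment above the "if" saying that arg1 may arrive without a trailing / (the case named in the log) would keep a later cleanup from switching the mode back.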


Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2010-02-11 11:18:34 UTC (rev 294881)
+++ php/php-src/branches/PHP_5_3/NEWS   2010-02-11 12:32:21 UTC (rev 294882)
@@ -15,6 +15,8 @@
 - Added stream filter support to mcrypt extension (ported from
   mcrypt_filter). (Stas)

+- Fixed safe_mode validation inside tempnam() when the directory path does
+  not end with a /). (Martin Jansen)
 - Fixed a possible open_basedir/safe_mode bypass in session extension
   identified by Grzegorz Stachowiak. (Ilia)
 - Fixed possible crash when a error/warning is raised during php startup.
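
Review bot: The added entry ends with "not end with a /).", which closes a parenthesis that was never opened. Suggest "not end with a /." so the only parenthesised text on the line is the credit.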

Modified: php/php-src/branches/PHP_5_3/ext/standard/file.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/file.c    2010-02-11 11:18:34 UTC 
(rev 294881)
+++ php/php-src/branches/PHP_5_3/ext/standard/file.c    2010-02-11 12:32:21 UTC 
(rev 294882)
@@ -836,7 +836,7 @@
                return;
        }

-       if (PG(safe_mode) &&(!php_checkuid(dir, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+       if (PG(safe_mode) &&(!php_checkuid(dir, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
                RETURN_FALSE;
        }
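
Review bot: No test accompanies the php_checkuid() mode change on "dir"; the changed paths list only NEWS and file.c on both branches. A .phpt case that runs tempnam() with safe_mode enabled against the same directory, once written with a trailing / and once without, and asserts the same result for both spellings would pin down the case the log describes and catch a regression on either branch.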


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
