johannes                                 Thu, 11 Feb 2010 18:03:57 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=294896

Log:
Merge 294882: Fixed safe_mode validation inside tempnam() when the directory
path does not end (iliaa)

Changed paths:
    _U  php/php-src/branches/PHP_5_3_2/
    U   php/php-src/branches/PHP_5_3_2/NEWS
    U   php/php-src/branches/PHP_5_3_2/ext/standard/file.c
    _U  php/php-src/branches/PHP_5_3_2/ext/tidy/tests/
    _U  
php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt


Property changes on: php/php-src/branches/PHP_5_3_2
___________________________________________________________________
Modified: svn:mergeinfo
   - 
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292620,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293175-293176,293180,293216,293235,293253,293268,293341,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293974,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,29!
 4849,294854-294855,294866
/php/php-src/trunk:284726
   + 
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292620,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293175-293176,293180,293216,293235,293253,293268,293341,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293974,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,29!
 4849,294854-294855,294866,294882
/php/php-src/trunk:284726

Modified: php/php-src/branches/PHP_5_3_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3_2/NEWS 2010-02-11 18:00:21 UTC (rev 294895)
+++ php/php-src/branches/PHP_5_3_2/NEWS 2010-02-11 18:03:57 UTC (rev 294896)
@@ -9,6 +9,8 @@
   (Ilia)
 - Added stream_resolve_include_path(). (Mikko)

+- Fixed safe_mode validation inside tempnam() when the directory path does
+  not end with a /). (Martin Jansen)
 - Fixed a possible open_basedir/safe_mode bypass in session extension
   identified by Grzegorz Stachowiak. (Ilia)
 - Fixed possible crash when a error/warning is raised during php startup.

Modified: php/php-src/branches/PHP_5_3_2/ext/standard/file.c
===================================================================
--- php/php-src/branches/PHP_5_3_2/ext/standard/file.c  2010-02-11 18:00:21 UTC 
(rev 294895)
+++ php/php-src/branches/PHP_5_3_2/ext/standard/file.c  2010-02-11 18:03:57 UTC 
(rev 294896)
@@ -836,7 +836,7 @@
                return;
        }

-       if (PG(safe_mode) &&(!php_checkuid(dir, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+       if (PG(safe_mode) &&(!php_checkuid(dir, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
                RETURN_FALSE;
        }



Property changes on: php/php-src/branches/PHP_5_3_2/ext/tidy/tests
___________________________________________________________________
Modified: svn:mergeinfo
   - 
/php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292620,292635,292716,292719,292765,293146,293152,293175-293176,293180,293216,293235,293253,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,294849,294854-294855,294866
/php/php-src/trunk/ext/tidy/tests:29815-29816,284726,287798-287941
   + 
/php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292620,292635,292716,292719,292765,293146,293152,293175-293176,293180,293216,293235,293253,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,294849,294854-294855,294866,294882
/php/php-src/trunk/ext/tidy/tests:29815-29816,284726,287798-287941


Property changes on: 
php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt
___________________________________________________________________
Modified: svn:mergeinfo
   - 
/php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292620,292716,293146,293152,293175-293176,293180,293216,293235,293253,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,294849,294854-294855,294866
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:29815-29816,265951
   + 
/php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292620,292716,293146,293152,293175-293176,293180,293216,293235,293253,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,294849,294854-294855,294866,294882
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:29815-29816,265951

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to