johannes Thu, 11 Feb 2010 18:03:57 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=294896
Log:
Merge 294882: Fixed safe_mode validation inside tempnam() when the directory
path does not end (iliaa)
Changed paths:
_U php/php-src/branches/PHP_5_3_2/
U php/php-src/branches/PHP_5_3_2/NEWS
U php/php-src/branches/PHP_5_3_2/ext/standard/file.c
_U php/php-src/branches/PHP_5_3_2/ext/tidy/tests/
_U
php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt
Property changes on: php/php-src/branches/PHP_5_3_2
___________________________________________________________________
Modified: svn:mergeinfo
-
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292620,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293175-293176,293180,293216,293235,293253,293268,293341,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293974,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,29!
4849,294854-294855,294866
/php/php-src/trunk:284726
+
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292620,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293175-293176,293180,293216,293235,293253,293268,293341,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293974,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,29!
4849,294854-294855,294866,294882
/php/php-src/trunk:284726
Modified: php/php-src/branches/PHP_5_3_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3_2/NEWS 2010-02-11 18:00:21 UTC (rev 294895)
+++ php/php-src/branches/PHP_5_3_2/NEWS 2010-02-11 18:03:57 UTC (rev 294896)
@@ -9,6 +9,8 @@
(Ilia)
- Added stream_resolve_include_path(). (Mikko)
+- Fixed safe_mode validation inside tempnam() when the directory path does
+ not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak. (Ilia)
- Fixed possible crash when a error/warning is raised during php startup.
Modified: php/php-src/branches/PHP_5_3_2/ext/standard/file.c
===================================================================
--- php/php-src/branches/PHP_5_3_2/ext/standard/file.c 2010-02-11 18:00:21 UTC
(rev 294895)
+++ php/php-src/branches/PHP_5_3_2/ext/standard/file.c 2010-02-11 18:03:57 UTC
(rev 294896)
@@ -836,7 +836,7 @@
return;
}
- if (PG(safe_mode) &&(!php_checkuid(dir, NULL,
CHECKUID_ALLOW_ONLY_DIR))) {
+ if (PG(safe_mode) &&(!php_checkuid(dir, NULL,
CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
Property changes on: php/php-src/branches/PHP_5_3_2/ext/tidy/tests
___________________________________________________________________
Modified: svn:mergeinfo
-
/php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292620,292635,292716,292719,292765,293146,293152,293175-293176,293180,293216,293235,293253,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,294849,294854-294855,294866
/php/php-src/trunk/ext/tidy/tests:29815-29816,284726,287798-287941
+
/php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292620,292635,292716,292719,292765,293146,293152,293175-293176,293180,293216,293235,293253,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,294849,294854-294855,294866,294882
/php/php-src/trunk/ext/tidy/tests:29815-29816,284726,287798-287941
Property changes on:
php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt
___________________________________________________________________
Modified: svn:mergeinfo
-
/php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292620,292716,293146,293152,293175-293176,293180,293216,293235,293253,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,294849,294854-294855,294866
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:29815-29816,265951
+
/php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292620,292716,293146,293152,293175-293176,293180,293216,293235,293253,293380,293400,293409,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293721,293726-293728,293730,293732,293735,293762,293768,293804,293815-293816,293862,293894,293896-293897,293901-293906,293917-293918,293965-293966,293976-293977,293985,293998,294040,294053,294075,294077-294078,294081,294089,294094,294100,294102,294104,294126-294127,294129,294164,294251-294253,294255,294259-294261,294265,294267,294269,294272,294278,294285,294302-294304,294307-294308,294310,294312-294313,294315,294317,294320-294323,294333-294336,294353,294418,294421,294487,294498,294532,294571,294695,294697,294724,294762,294814,294816,294825,294849,294854-294855,294866,294882
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:29815-29816,265951
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
