php_fopen_wrapper.c

Johannes Schlüter Wed, 16 May 2012 07:52:14 -0700

Commit:    6e519895011ea3ef43ce62c1050e72337af94b79
Author:    Stanislav Malyshev <s...@php.net>         Tue, 15 May 2012 22:35:43 
-0700
Committer: Johannes Schlüter <johan...@php.net>      Wed, 16 May 2012 16:35:16 
+0200
Parents:   4eb802bb14b05b82573457bc0f528e61ca7ddc45
Branches:  PHP-5.3 PHP-5.4 master


Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=6e519895011ea3ef43ce62c1050e72337af94b79

Log:
fd fix

Changed paths:
  M  NEWS
  M  ext/standard/php_fopen_wrapper.c


Diff:
diff --git a/NEWS b/NEWS
index 1057db7..990cc65 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,7 @@ PHP                                                           
             NEWS
   . Fixed bug #61713 (Logic error in charset detection for htmlentities).
     (Anatoliy)
   . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
+  . Changed php://fd to be available only for CLI.
 
 - Fileinfo:
   . Fixed bug #61812 (Uninitialised value used in libmagic). 
@@ -35,6 +36,9 @@ PHP                                                           
             NEWS
   . Fixed bug #61755 (A parsing bug in the prepared statements can lead to
     access violations). (Johannes)
 
+- Phar:
+  . Fix bug #61065 (Secunia SA44335). (Rasmus)
+
 - Iconv extension:
   . Fixed a bug that iconv extension fails to link to the correct library
     when another extension makes use of a library that links to the iconv
diff --git a/ext/standard/php_fopen_wrapper.c b/ext/standard/php_fopen_wrapper.c
index a831dd1..b51aaa2 100644
--- a/ext/standard/php_fopen_wrapper.c
+++ b/ext/standard/php_fopen_wrapper.c
@@ -263,6 +263,20 @@ php_stream * php_stream_url_wrap_php(php_stream_wrapper 
*wrapper, char *path, ch
                long       fildes_ori;
                int                dtablesize;
 
+               if (strcmp(sapi_module.name, "cli")) {
+                       if (options & REPORT_ERRORS) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Direct access to file descriptors is only available from command-line PHP");
+                       }
+                       return NULL;
+               }
+
+               if ((options & STREAM_OPEN_FOR_INCLUDE) && 
!PG(allow_url_include) ) {
+                       if (options & REPORT_ERRORS) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"URL file-access is disabled in the server configuration");
+                       }
+                       return NULL;
+               }
+
                start = &path[3];
                fildes_ori = strtol(start, &end, 10);
                if (end == start || *end != '\0') {


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] com php-src: fd fix: NEWS ext/standard/php_fopen_wrapper.c

Advertising

Reply via email to