Yeah yeah I'm doing some tests on them here before I commit them. No worries, I've seen your messages :)
On 14 Feb 2002, Lars Torben Wilson wrote: > Could someone check these out and commit them (or similar)? At > the moment, odbc_execute() allows any script to view any file > without regard to safe_mode or open_basedir, and also under > certain circumstances can corrupt its parameters. See Bug #15516 > for more info. It may be desirable to change this mechanism > entirely, since presently you can't use odbc replaceable params > to enter strings which start and end with quotes. > > If these changes are not suitable, could someone email me a > comment explaining why? Thanks... > > Index: php_odbc.c > =================================================================== > RCS file: /repository/php4/ext/odbc/php_odbc.c,v > retrieving revision 1.115 > diff -u -r1.115 php_odbc.c > --- php_odbc.c 30 Jan 2002 21:54:54 -0000 1.115 > +++ php_odbc.c 13 Feb 2002 08:52:27 -0000 > @@ -943,12 +943,23 @@ > else > ctype = SQL_C_CHAR; > > - if (Z_STRVAL_PP(tmp)[0] == '\'' && > + if (Z_STRLEN_PP(tmp) > 2 && > + Z_STRVAL_PP(tmp)[0] == '\'' && > Z_STRVAL_PP(tmp)[Z_STRLEN_PP(tmp) - 1] == '\'') { > - filename = &Z_STRVAL_PP(tmp)[1]; > - filename[Z_STRLEN_PP(tmp) - 2] = '\0'; > + filename = estrndup(&Z_STRVAL_PP(tmp)[1], >Z_STRLEN_PP(tmp) - 2); > + filename[strlen(filename)] = '\0'; > > - if ((params[i-1].fp = open(filename,O_RDONLY)) == -1) { > + /* Check for safe mode. */ > + if (PG(safe_mode) &&(!php_checkuid(filename, NULL, > CHECKUID_CHECK_FILE_AND_DIR))) { > + RETURN_FALSE; > + } > + > + /* Check the basedir */ > + if (php_check_open_basedir(filename TSRMLS_CC)) { > + RETURN_FALSE; > + } > + > + if ((params[i-1].fp = open(filename,O_RDONLY)) == -1) { > php_error(E_WARNING,"Can't open file %s", >filename); > SQLFreeStmt(result->stmt, SQL_RESET_PARAMS); > for(i = 0; i < result->numparams; i++) { > @@ -957,8 +968,11 @@ > } > } > efree(params); > + efree(filename); > RETURN_FALSE; > } > + > + efree(filename); > > params[i-1].vallen = SQL_LEN_DATA_AT_EXEC(0); > > > > > > >---------------------------------------------------------------< Dan Kalowsky "Tonight I think I'll walk alone. http://www.deadmime.org/~dank I'll find soul as I go home." [EMAIL PROTECTED] - "Temptation", New Order -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php