rasmus Sun Feb 23 17:03:55 2003 EDT Modified files: (Branch: PHP_4_3) /php4/main fopen_wrappers.c streams.c Log: open_basedir fixes from David Saez Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.153.2.2 php4/main/fopen_wrappers.c:1.153.2.3 --- php4/main/fopen_wrappers.c:1.153.2.2 Tue Dec 31 11:25:01 2002 +++ php4/main/fopen_wrappers.c Sun Feb 23 17:03:54 2003 @@ -16,7 +16,7 @@ | Jim Winstead <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: fopen_wrappers.c,v 1.153.2.2 2002/12/31 16:25:01 sebastian Exp $ */ +/* $Id: fopen_wrappers.c,v 1.153.2.3 2003/02/23 22:03:54 rasmus Exp $ */ /* {{{ includes */ @@ -192,7 +192,7 @@ ptr = end; } php_error_docref(NULL TSRMLS_CC, E_WARNING, - "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, pathbuf); + "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir)); efree(pathbuf); errno = EPERM; /* we deny permission to open it */ return -1; Index: php4/main/streams.c diff -u php4/main/streams.c:1.125.2.33 php4/main/streams.c:1.125.2.34 --- php4/main/streams.c:1.125.2.33 Fri Feb 21 21:43:58 2003 +++ php4/main/streams.c Sun Feb 23 17:03:54 2003 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: streams.c,v 1.125.2.33 2003/02/22 02:43:58 wez Exp $ */ +/* $Id: streams.c,v 1.125.2.34 2003/02/23 22:03:54 rasmus Exp $ */ #define _GNU_SOURCE #include "php.h" @@ -1763,6 +1763,12 @@ end++; } snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename); + + /* If file does not exist continue */ + if (VCWD_STAT(trypath, &sb) != 0) { + ptr = end; + continue; + } if (php_check_open_basedir(trypath TSRMLS_CC)) { stream = NULL; @@ -1770,17 +1776,15 @@ } if (PG(safe_mode)) { - if (VCWD_STAT(trypath, &sb) == 0) { - /* file exists ... check permission */ - if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || - php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) { - /* UID ok, or trypath is in safe_mode_include_dir */ - stream = php_stream_fopen_rel(trypath, mode, opened_path, options); - } else { - stream = NULL; - } - goto stream_done; + /* file exists ... check permission */ + if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || + php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) { + /* UID ok, or trypath is in safe_mode_include_dir */ + stream = php_stream_fopen_rel(trypath, mode, opened_path, options); + } else { + stream = NULL; } + goto stream_done; } stream = php_stream_fopen_rel(trypath, mode, opened_path, options); if (stream) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php