[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_2/ext/standard/file.c PHP_5_3/NEWS PHP_5_3/ext/standard/file.c
iliaaThu, 11 Feb 2010 12:32:21 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=294882
Log:
Fixed safe_mode validation inside tempnam() when the directory path does not
end with a /).
Changed paths:
U php/php-src/branches/PHP_5_2/NEWS
U php/php-src/branches/PHP_5_2/ext/standard/file.c
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/standard/file.c
Modified: php/php-src/branches/PHP_5_2/NEWS
===
--- php/php-src/branches/PHP_5_2/NEWS 2010-02-11 11:18:34 UTC (rev 294881)
+++ php/php-src/branches/PHP_5_2/NEWS 2010-02-11 12:32:21 UTC (rev 294882)
@@ -1,7 +1,9 @@
PHPNEWS
|||
-?? Feb 2010, PHP 5.2.13
+11 Feb 2010, PHP 5.2.13RC2
- Downgrade bundled PCRE to version 7.9. (Ilia)
+- Fixed safe_mode validation inside tempnam() when the directory path does
+ not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak. (Ilia)
Modified: php/php-src/branches/PHP_5_2/ext/standard/file.c
===
--- php/php-src/branches/PHP_5_2/ext/standard/file.c2010-02-11 11:18:34 UTC
(rev 294881)
+++ php/php-src/branches/PHP_5_2/ext/standard/file.c2010-02-11 12:32:21 UTC
(rev 294882)
@@ -828,7 +828,7 @@
convert_to_string_ex(arg1);
convert_to_string_ex(arg2);
- if (PG(safe_mode) (!php_checkuid(Z_STRVAL_PP(arg1), NULL,
CHECKUID_ALLOW_ONLY_DIR))) {
+ if (PG(safe_mode) (!php_checkuid(Z_STRVAL_PP(arg1), NULL,
CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS 2010-02-11 11:18:34 UTC (rev 294881)
+++ php/php-src/branches/PHP_5_3/NEWS 2010-02-11 12:32:21 UTC (rev 294882)
@@ -15,6 +15,8 @@
- Added stream filter support to mcrypt extension (ported from
mcrypt_filter). (Stas)
+- Fixed safe_mode validation inside tempnam() when the directory path does
+ not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak. (Ilia)
- Fixed possible crash when a error/warning is raised during php startup.
Modified: php/php-src/branches/PHP_5_3/ext/standard/file.c
===
--- php/php-src/branches/PHP_5_3/ext/standard/file.c2010-02-11 11:18:34 UTC
(rev 294881)
+++ php/php-src/branches/PHP_5_3/ext/standard/file.c2010-02-11 12:32:21 UTC
(rev 294882)
@@ -836,7 +836,7 @@
return;
}
- if (PG(safe_mode) (!php_checkuid(dir, NULL,
CHECKUID_ALLOW_ONLY_DIR))) {
+ if (PG(safe_mode) (!php_checkuid(dir, NULL,
CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_2/ext/standard/file.c PHP_5_3/NEWS PHP_5_3/ext/standard/file.c
rasmus Tue, 29 Sep 2009 14:14:02 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=288945
Log:
Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
Changed paths:
U php/php-src/branches/PHP_5_2/NEWS
U php/php-src/branches/PHP_5_2/ext/standard/file.c
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/standard/file.c
Modified: php/php-src/branches/PHP_5_2/NEWS
===
--- php/php-src/branches/PHP_5_2/NEWS 2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_2/NEWS 2009-09-29 14:14:02 UTC (rev 288945)
@@ -1,6 +1,10 @@
PHP
NEWS
|||
?? ??? 20??, PHP 5.2.12
+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
+ (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
+ Stachowiak. (Rasmus)
- Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
- Fixed bug #49647 (DOMUserData does not exist). (Rob)
- Fixed bug #49630 (imap_listscan function missing). (Felipe)
Modified: php/php-src/branches/PHP_5_2/ext/standard/file.c
===
--- php/php-src/branches/PHP_5_2/ext/standard/file.c2009-09-29 14:03:49 UTC
(rev 288944)
+++ php/php-src/branches/PHP_5_2/ext/standard/file.c2009-09-29 14:14:02 UTC
(rev 288945)
@@ -838,6 +838,10 @@
convert_to_string_ex(arg1);
convert_to_string_ex(arg2);
+ if (PG(safe_mode) (!php_checkuid(dir, NULL,
CHECKUID_ALLOW_ONLY_DIR))) {
+ RETURN_FALSE;
+ }
+
if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
RETURN_FALSE;
}
Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS 2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_3/NEWS 2009-09-29 14:14:02 UTC (rev 288945)
@@ -8,6 +8,10 @@
- Implemented FR #49253 (added support for libcurl's CERTINFO option).
(Linus Nielsen Feltzing li...@haxx.se)
+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
+ (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
+ Stachowiak. (Rasmus)
- Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
- Fixed bug #49647 (DOMUserData does not exist). (Rob)
- Fixed bug #49630 (imap_listscan function missing). (Felipe)
Modified: php/php-src/branches/PHP_5_3/ext/standard/file.c
===
--- php/php-src/branches/PHP_5_3/ext/standard/file.c2009-09-29 14:03:49 UTC
(rev 288944)
+++ php/php-src/branches/PHP_5_3/ext/standard/file.c2009-09-29 14:14:02 UTC
(rev 288945)
@@ -846,6 +846,10 @@
return;
}
+ if (PG(safe_mode) (!php_checkuid(dir, NULL,
CHECKUID_ALLOW_ONLY_DIR))) {
+ RETURN_FALSE;
+ }
+
if (php_check_open_basedir(dir TSRMLS_CC)) {
RETURN_FALSE;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
