[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_2/ext/standard/file.c PHP_5_3/NEWS PHP_5_3/ext/standard/file.c
iliaaThu, 11 Feb 2010 12:32:21 + Revision: http://svn.php.net/viewvc?view=revisionrevision=294882 Log: Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/file.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/file.c
Modified: php/php-src/branches/PHP_5_2/NEWS
===
--- php/php-src/branches/PHP_5_2/NEWS 2010-02-11 11:18:34 UTC (rev 294881)
+++ php/php-src/branches/PHP_5_2/NEWS 2010-02-11 12:32:21 UTC (rev 294882)
@@ -1,7 +1,9 @@
 PHPNEWS ||| -?? Feb 2010, PHP 5.2.13 +11 Feb 2010, PHP 5.2.13RC2 - Downgrade bundled PCRE to version 7.9. (Ilia) +- Fixed safe_mode validation inside tempnam() when the directory path does + not end with a /). (Martin Jansen) - Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
Modified: php/php-src/branches/PHP_5_2/ext/standard/file.c
===
--- php/php-src/branches/PHP_5_2/ext/standard/file.c2010-02-11 11:18:34 UTC (rev 294881)
+++ php/php-src/branches/PHP_5_2/ext/standard/file.c2010-02-11 12:32:21 UTC (rev 294882)
@@ -828,7 +828,7 @@
 convert_to_string_ex(arg1);
 convert_to_string_ex(arg2);
- if (PG(safe_mode) (!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ if (PG(safe_mode) (!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 RETURN_FALSE;
 }
Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS 2010-02-11 11:18:34 UTC (rev 294881)
+++ php/php-src/branches/PHP_5_3/NEWS 2010-02-11 12:32:21 UTC (rev 294882)
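Review bot: The mode change on the `if (PG(safe_mode) ...)` line is left unexplained in the code, and the commit log is the only record of why CHECKUID_ALLOW_ONLY_DIR was not enough; a one-line comment would keep a later reader from reverting it, e.g. `/* arg1 is the target directory itself: validate its last path component too, so a path without a trailing '/' is not checked one level up (see r294882) */`. The PHP_5_3 hunk below makes the identical change on `dir` and deserves the same comment. The operator between `PG(safe_mode)` and the parenthesised `php_checkuid()` call appears to have been lost in the mail rendering (presumably `&&`), so the line as shown would not compile and should be confirmed against the repository. The check covers only the caller-supplied directory; whether tempnam() can later fall back to another directory that bypasses it is outside the hunk and worth confirming. The enclosing function starts and ends outside the hunk.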
@@ -15,6 +15,8 @@
 - Added stream filter support to mcrypt extension (ported from mcrypt_filter). (Stas) +- Fixed safe_mode validation inside tempnam() when the directory path does + not end with a /). (Martin Jansen) - Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia) - Fixed possible crash when a error/warning is raised during php startup.
Modified: php/php-src/branches/PHP_5_3/ext/standard/file.c
===
--- php/php-src/branches/PHP_5_3/ext/standard/file.c2010-02-11 11:18:34 UTC (rev 294881)
+++ php/php-src/branches/PHP_5_3/ext/standard/file.c2010-02-11 12:32:21 UTC (rev 294882)
@@ -836,7 +836,7 @@
 return;
 }
- if (PG(safe_mode) (!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ if (PG(safe_mode) (!php_checkuid(dir, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 RETURN_FALSE;
 }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_2/ext/standard/file.c PHP_5_3/NEWS PHP_5_3/ext/standard/file.c
rasmus Tue, 29 Sep 2009 14:14:02 + Revision: http://svn.php.net/viewvc?view=revisionrevision=288945 Log: Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/file.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/file.c
Modified: php/php-src/branches/PHP_5_2/NEWS
===
--- php/php-src/branches/PHP_5_2/NEWS 2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_2/NEWS 2009-09-29 14:14:02 UTC (rev 288945)
@@ -1,6 +1,10 @@
 PHP NEWS ||| ?? ??? 20??, PHP 5.2.12 +- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. + (Rasmus) +- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz + Stachowiak. (Rasmus) - Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus) - Fixed bug #49647 (DOMUserData does not exist). (Rob) - Fixed bug #49630 (imap_listscan function missing). (Felipe)
Modified: php/php-src/branches/PHP_5_2/ext/standard/file.c
===
--- php/php-src/branches/PHP_5_2/ext/standard/file.c2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_2/ext/standard/file.c2009-09-29 14:14:02 UTC (rev 288945)
@@ -838,6 +838,10 @@
 convert_to_string_ex(arg1);
 convert_to_string_ex(arg2);
+ if (PG(safe_mode) (!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ RETURN_FALSE;
+ }
+
 if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
 RETURN_FALSE;
 }
Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS 2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_3/NEWS 2009-09-29 14:14:02 UTC (rev 288945)
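Review bot: The added check passes `dir` to php_checkuid(), but nothing in this hunk declares `dir`, and the adjacent context line validates the same argument as `Z_STRVAL_PP(arg1)` in `php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)`; unless a `dir` variable exists outside the hunk in the PHP_5_2 version of this function, this will not compile, and the line should read `if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) {`. The PHP_5_3 hunk below uses `dir` consistently with its own `php_check_open_basedir(dir TSRMLS_CC)` neighbour, so the mismatch looks specific to the 5.2 backport; the r294882 diff earlier on this page already shows the 5.2 line reading `Z_STRVAL_PP(arg1)`, consistent with a later correction. The `&&` between `PG(safe_mode)` and the parenthesised call appears to have been dropped by the mail rendering rather than the commit, but is worth confirming. The enclosing function starts and ends outside the hunk.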
@@ -8,6 +8,10 @@
 - Implemented FR #49253 (added support for libcurl's CERTINFO option). (Linus Nielsen Feltzing li...@haxx.se) +- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. + (Rasmus) +- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz + Stachowiak. (Rasmus) - Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus) - Fixed bug #49647 (DOMUserData does not exist). (Rob) - Fixed bug #49630 (imap_listscan function missing). (Felipe)
Modified: php/php-src/branches/PHP_5_3/ext/standard/file.c
===
--- php/php-src/branches/PHP_5_3/ext/standard/file.c2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_3/ext/standard/file.c2009-09-29 14:14:02 UTC (rev 288945)
@@ -846,6 +846,10 @@
 return;
 }
+ if (PG(safe_mode) (!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ RETURN_FALSE;
+ }
+
 if (php_check_open_basedir(dir TSRMLS_CC)) {
 RETURN_FALSE;
 }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
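Review bot: `CHECKUID_ALLOW_ONLY_DIR` is applied to `dir`, which is the directory the caller wants the temporary file created in rather than a file path inside it; if that mode validates the parent of the last path component, as its name suggests, a directory given without a trailing `/` is checked one level up, and the same applies to the PHP_5_2 hunk above. The r294882 commit earlier on this page changes both sites to `CHECKUID_CHECK_FILE_AND_DIR` for exactly that case, which confirms the gap in this revision. A comment naming what is being validated and why, e.g. `/* safe_mode: the calling script's uid must own the directory the temp file is created in */`, would make the intent reviewable next to the open_basedir check that follows. The enclosing function starts and ends outside the hunk.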