On Thu, 28 Oct 2004 12:07:50 -0400
Sean Coates <[EMAIL PROTECTED]> wrote:
> Is this legitimate?
> I took a (very) quick look at bugs, and didn't see it.
you can find patches for all branches in attachment.
comments are welcome.
--
Wbr,
Antony Dovgal aka tony2001
[EMAIL PROTECTED] || [EMAIL PROTECTED]
Index: ext/curl/interface.c
===================================================================
RCS file: /repository/php-src/ext/curl/interface.c,v
retrieving revision 1.46.2.4
diff -u -r1.46.2.4 interface.c
--- ext/curl/interface.c 18 Oct 2004 22:42:16 -0000 1.46.2.4
+++ ext/curl/interface.c 29 Oct 2004 06:45:23 -0000
@@ -808,8 +808,40 @@
if (argc > 0) {
char *urlcopy;
+ char *tmp;
+ int tmp_len;
+
convert_to_string_ex(url);
+
+ if (strncasecmp(Z_STRVAL_PP(url), "file:///",8) == 0) {
+ tmp_len = Z_STRLEN_PP(url) - 7;
+ tmp = emalloc(tmp_len + 1);
+ memcpy(tmp, Z_STRVAL_PP(url) + 7, tmp_len);
+ tmp[tmp_len] = '\0';
+
+ if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) &&
!php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ efree(tmp);
+ RETURN_FALSE;
+ }
+
+ efree(tmp);
+ }
+ else if (strncasecmp(Z_STRVAL_PP(url), "file://localhost/",17) == 0) {
+ tmp_len = Z_STRLEN_PP(url) - 16;
+
+ tmp = emalloc(tmp_len + 1);
+ memcpy(tmp, Z_STRVAL_PP(url) + 16, tmp_len);
+ tmp[tmp_len] = '\0';
+
+ if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) &&
!php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ efree(tmp);
+ RETURN_FALSE;
+ }
+
+ efree(tmp);
+ }
+
urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy);
zend_llist_add_element(&ch->to_free.str, &urlcopy);
Index: ext/curl/interface.c
===================================================================
RCS file: /repository/php-src/ext/curl/interface.c,v
retrieving revision 1.50
diff -u -r1.50 interface.c
--- ext/curl/interface.c 18 Oct 2004 22:41:24 -0000 1.50
+++ ext/curl/interface.c 29 Oct 2004 06:45:37 -0000
@@ -807,7 +807,39 @@
if (argc > 0) {
char *urlcopy;
+ char *tmp;
+ int tmp_len;
+
convert_to_string_ex(url);
+
+ if (strncasecmp(Z_STRVAL_PP(url), "file:///",8) == 0) {
+ tmp_len = Z_STRLEN_PP(url) - 7;
+
+ tmp = emalloc(tmp_len + 1);
+ memcpy(tmp, Z_STRVAL_PP(url) + 7, tmp_len);
+ tmp[tmp_len] = '\0';
+
+ if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) &&
!php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ efree(tmp);
+ RETURN_FALSE;
+ }
+
+ efree(tmp);
+ }
+ else if (strncasecmp(Z_STRVAL_PP(url), "file://localhost/",17) == 0) {
+ tmp_len = Z_STRLEN_PP(url) - 16;
+
+ tmp = emalloc(tmp_len + 1);
+ memcpy(tmp, Z_STRVAL_PP(url) + 16, tmp_len);
+ tmp[tmp_len] = '\0';
+
+ if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) &&
!php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ efree(tmp);
+ RETURN_FALSE;
+ }
+
+ efree(tmp);
+ }
urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy);
Index: ext/curl/curl.c
===================================================================
RCS file: /repository/php-src/ext/curl/Attic/curl.c,v
retrieving revision 1.124.2.26
diff -u -r1.124.2.26 curl.c
--- ext/curl/curl.c 18 Oct 2004 22:43:29 -0000 1.124.2.26
+++ ext/curl/curl.c 29 Oct 2004 06:45:05 -0000
@@ -711,8 +711,40 @@
if (argc > 0) {
char *urlcopy;
+ char *tmp;
+ int tmp_len;
+
convert_to_string_ex(url);
+
+ if (strncasecmp(Z_STRVAL_PP(url), "file:///",8) == 0) {
+ tmp_len = Z_STRLEN_PP(url) - 7;
+ tmp = emalloc(tmp_len + 1);
+ memcpy(tmp, Z_STRVAL_PP(url) + 7, tmp_len);
+ tmp[tmp_len] = '\0';
+
+ if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) &&
!php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ efree(tmp);
+ RETURN_FALSE;
+ }
+
+ efree(tmp);
+ }
+ else if (strncasecmp(Z_STRVAL_PP(url), "file://localhost/",17) == 0) {
+ tmp_len = Z_STRLEN_PP(url) - 16;
+
+ tmp = emalloc(tmp_len + 1);
+ memcpy(tmp, Z_STRVAL_PP(url) + 16, tmp_len);
+ tmp[tmp_len] = '\0';
+
+ if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) &&
!php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ efree(tmp);
+ RETURN_FALSE;
+ }
+
+ efree(tmp);
+ }
+
urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy);
zend_llist_add_element(&ch->to_free.str, &urlcopy);
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
