iliaa Sun Nov 10 00:14:27 2002 EDT Modified files: /php4/main streams.c Log: Fixed a bug that in many situations would cause open_basedir restriction to be bypassed. Most notable exception, is the inclusion of files via include(), with a partial path.
Index: php4/main/streams.c
diff -u php4/main/streams.c:1.124 php4/main/streams.c:1.125
--- php4/main/streams.c:1.124 Tue Nov 5 19:15:24 2002
+++ php4/main/streams.c Sun Nov 10 00:14:26 2002
@@ -20,7 +20,7 @@
 +----------------------------------------------------------------------+
 */

-/* $Id: streams.c,v 1.124 2002/11/06 00:15:24 helly Exp $ */
+/* $Id: streams.c,v 1.125 2002/11/10 05:14:26 iliaa Exp $ */

 #define _GNU_SOURCE
 #include "php.h"
@@ -1626,26 +1626,28 @@
 end++;
 }
 snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
+
+ if (php_check_open_basedir(trypath TSRMLS_CC)) {
+ stream = NULL;
+ goto stream_done;
+ }
+
 if (PG(safe_mode)) {
 if (VCWD_STAT(trypath, &sb) == 0) {
 /* file exists ... check permission */
-
- if (php_check_open_basedir(trypath TSRMLS_CC)) {
- stream = NULL;
- } else if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
+ if ((php_check_safe_mode_include_dir(trypath +TSRMLS_CC) == 0) ||
 php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) {
 /* UID ok, or trypath is in safe_mode_include_dir */
 stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
 } else {
 stream = NULL;
 }
-
- efree(pathbuf);
- return stream;
+ goto stream_done;
 }
 }
 stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
 if (stream) {
+ stream_done:
 efree(pathbuf);
 return stream;
 }
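Review bot: In the second hunk, the new `goto stream_done` taken when `php_check_open_basedir(trypath TSRMLS_CC)` fails ends the whole lookup with NULL instead of skipping that one candidate, so a single search-path entry outside open_basedir would stop a file in a later, permitted entry from being found. The enclosing function and its loop over path entries start and end outside the hunk, so this is inferred from the `end++` context; if the loop advances with `ptr = end`, the denied case could read `ptr = end; continue;`, which still never opens the disallowed path. The check now also runs before `VCWD_STAT`, so it fires for candidates that do not exist, and any warning it emits would be raised for them too. Separately, `stream_done:` sits inside the `if (stream)` body while being reached with `stream == NULL`; a comment such as `/* reached by goto with stream possibly NULL */` on the label would make that explicit.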