main safe_mode.c safe_mode.h

Sara Golemon Thu, 09 Jan 2003 14:29:07 -0800

pollita         Thu Jan  9 17:29:03 2003 EDT

  Modified files:              (Branch: PHP_4_3)
    /php4/ext/standard  filestat.c 
    /php4/main  safe_mode.c safe_mode.h 
  Log:
  MFH
  
  
Index: php4/ext/standard/filestat.c
diff -u php4/ext/standard/filestat.c:1.112.2.2 php4/ext/standard/filestat.c:1.112.2.3
--- php4/ext/standard/filestat.c:1.112.2.2      Tue Dec 31 11:35:27 2002
+++ php4/ext/standard/filestat.c        Thu Jan  9 17:29:02 2003
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: filestat.c,v 1.112.2.2 2002/12/31 16:35:27 sebastian Exp $ */
+/* $Id: filestat.c,v 1.112.2.3 2003/01/09 22:29:02 pollita Exp $ */
 
 #include "php.h"
 #include "safe_mode.h"
@@ -564,7 +564,7 @@
        char *stat_sb_names[13]={"dev", "ino", "mode", "nlink", "uid", "gid", "rdev",
                              "size", "atime", "mtime", "ctime", "blksize", "blocks"};
 
-       if (PG(safe_mode) &&(!php_checkuid(filename, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
+       if (PG(safe_mode) &&(!php_checkuid_ex(filename, NULL, 
+CHECKUID_CHECK_FILE_AND_DIR, IS_EXISTS_CHECK(type) ? CHECKUID_NO_ERRORS : 0))) {
                RETURN_FALSE;
        }
 
Index: php4/main/safe_mode.c
diff -u php4/main/safe_mode.c:1.51.2.1 php4/main/safe_mode.c:1.51.2.2
--- php4/main/safe_mode.c:1.51.2.1      Tue Dec 31 11:26:26 2002
+++ php4/main/safe_mode.c       Thu Jan  9 17:29:02 2003
@@ -15,7 +15,7 @@
    | Author: Rasmus Lerdorf <[EMAIL PROTECTED]>                        |
    +----------------------------------------------------------------------+
  */
-/* $Id: safe_mode.c,v 1.51.2.1 2002/12/31 16:26:26 sebastian Exp $ */
+/* $Id: safe_mode.c,v 1.51.2.2 2003/01/09 22:29:02 pollita Exp $ */
 
 #include "php.h"
 
@@ -44,7 +44,7 @@
  * 5 - only check file
  */
 
-PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
+PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, int 
+flags)
 {
        struct stat sb;
        int ret, nofile=0;
@@ -85,10 +85,14 @@
                ret = VCWD_STAT(path, &sb);
                if (ret < 0) {
                        if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) {
-                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to 
access %s", filename);
+                               if (flags & CHECKUID_NO_ERRORS == 0) {
+                                       php_error_docref(NULL TSRMLS_CC, E_WARNING, 
+"Unable to access %s", filename);
+                               }
                                return 0;
                        } else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) {
-                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to 
access %s", filename);
+                               if (flags & CHECKUID_NO_ERRORS == 0) {
+                                       php_error_docref(NULL TSRMLS_CC, E_WARNING, 
+"Unable to access %s", filename);
+                               }
                                return 1;
                        }
                        nofile = 1;
@@ -129,7 +133,9 @@
                /* check directory */
                ret = VCWD_STAT(path, &sb);
                if (ret < 0) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access 
%s", filename);
+                       if (flags & CHECKUID_NO_ERRORS == 0) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to 
+access %s", filename);
+                       }
                        return 0;
                }
                duid = sb.st_uid;
@@ -162,15 +168,21 @@
                gid = dgid;
                filename = path;
        }
-       
-       if (PG(safe_mode_gid)) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in 
effect.  The script whose uid/gid is %ld/%ld is not allowed to access %s owned by 
uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid);
-       } else {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in 
effect.  The script whose uid is %ld is not allowed to access %s owned by uid %ld", 
php_getuid(), filename, uid);
-       }                       
+
+       if (flags & CHECKUID_NO_ERRORS == 0) {
+               if (PG(safe_mode_gid)) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE 
+Restriction in effect.  The script whose uid/gid is %ld/%ld is not allowed to access 
+%s owned by uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid);
+               } else {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE 
+Restriction in effect.  The script whose uid is %ld is not allowed to access %s owned 
+by uid %ld", php_getuid(), filename, uid);
+               }                       
+       }
+
        return 0;
 }
 
+PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) {
+       return php_checkuid_ex(filename, fopen_mode, mode, 0);
+}
 
 PHPAPI char *php_get_current_user()
 {
Index: php4/main/safe_mode.h
diff -u php4/main/safe_mode.h:1.7 php4/main/safe_mode.h:1.7.10.1
--- php4/main/safe_mode.h:1.7   Fri Jul 13 14:21:21 2001
+++ php4/main/safe_mode.h       Thu Jan  9 17:29:02 2003
@@ -9,7 +9,11 @@
 #define CHECKUID_CHECK_MODE_PARAM 4
 #define CHECKUID_ALLOW_ONLY_FILE 5
 
+/* flags for php_checkuid_ex() */
+#define CHECKUID_NO_ERRORS     0x01
+
 extern PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode);
+extern PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, 
+int flags);
 extern PHPAPI char *php_get_current_user(void);
 
 #endif




-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php4(PHP_4_3) /ext/standard filestat.c /main safe_mode.c safe_mode.h

Reply via email to