sniper Mon Mar 14 04:03:11 2005 EDT Modified files: (Branch: PHP_4_3) /php-src NEWS /php-src/ext/curl curl.c Log: MFH: - Fixed bug #30609 (cURL functions bypass open_basedir) http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.854&r2=1.1247.2.855&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.854 php-src/NEWS:1.1247.2.855
--- php-src/NEWS:1.1247.2.854 Sun Mar 13 15:18:42 2005
+++ php-src/NEWS Mon Mar 14 04:03:08 2005
@@ -77,6 +77,7 @@
 - Fixed bug #31055 (apache2filter: per request leak proportional to the full path of the request URI). (kameshj at fastmail dot fm)
 - Fixed bug #30726 (-.1 like numbers are not being handled correctly). (Ilia)
+- Fixed bug #30609 (cURL functions bypass open_basedir). (Jani)
 - Fixed bug #30446 (apache2handler: virtual() includes files out of sequence)
 - Fixed bug #30430 (odbc_next_result() doesn't bind values and that results in segfault). (pdan-php at esync dot org, Tony)
http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.28&r2=1.124.2.29&ty=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.28 php-src/ext/curl/curl.c:1.124.2.29
--- php-src/ext/curl/curl.c:1.124.2.28 Thu Jan 6 05:34:03 2005
+++ php-src/ext/curl/curl.c Mon Mar 14 04:03:09 2005
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
 
-/* $Id: curl.c,v 1.124.2.28 2005/01/06 10:34:03 jorton Exp $ */
+/* $Id: curl.c,v 1.124.2.29 2005/03/14 09:03:09 sniper Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -50,6 +50,7 @@
 #include "ext/standard/php_smart_str.h"
 #include "ext/standard/info.h"
 #include "ext/standard/file.h"
+#include "ext/standard/url.h"
 #include "php_curl.h"
 
 static int le_curl;
@@ -64,6 +65,26 @@
 #define CAAS(s, v) add_assoc_string_ex(return_value, s, sizeof(s), (char *) v, 1);
 #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
+#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \
+ if (PG(open_basedir) && *PG(open_basedir) && \
+ strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \
+ { \
+ php_url *tmp_url; \
+ \
+ if (!(tmp_url = php_url_parse_ex(str, len))) { \
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid url '%s'", str); \
+ RETURN_FALSE; \
+ } \
+ \
+ if (php_check_open_basedir(tmp_url->path TSRMLS_CC) || \
+ (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM)) \
+ ) { \
+ php_url_free(tmp_url); \
+ RETURN_FALSE; \
+ } \
+ php_url_free(tmp_url); \
+ }
+
 /* {{{ curl_functions[] */
 function_entry curl_functions[] = {
@@ -682,6 +703,11 @@
 WRONG_PARAM_COUNT;
 }
+ if (argc > 0) {
+ convert_to_string_ex(url);
+ PHP_CURL_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
+ }
+
 alloc_curl_handle(&ch);
 ch->cp = curl_easy_init();
@@ -712,7 +738,6 @@
 if (argc > 0) {
 char *urlcopy;
- convert_to_string_ex(url);
 urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
 curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy);
@@ -724,7 +749,7 @@
 }
 /* }}} */
-/* {{{ proto bool curl_setopt(resource ch, string option, mixed value)
+/* {{{ proto bool curl_setopt(resource ch, int option, mixed value)
 Set an option for a CURL transfer */
 PHP_FUNCTION(curl_setopt)
 {
@@ -819,8 +844,12 @@
 char *copystr = NULL;
 convert_to_string_ex(zvalue);
- copystr = estrndup(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+ if (option == CURLOPT_URL) {
+ PHP_CURL_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+ }
+
+ copystr = estrndup(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
 error = curl_easy_setopt(ch->cp, option, copystr);
 zend_llist_add_element(&ch->to_free.str, ©str);
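Review bot: In PHP_CURL_CHECK_OPEN_BASEDIR, `tmp_url->path` is handed to php_check_open_basedir() and php_checkuid() without a NULL test; php_url_parse_ex() only fails outright on an unparsable string, and for a URL with a scheme and host but no path component (`file://host`) the path member is presumably NULL, which would make the basedir check dereference NULL rather than refuse the URL — treat a missing path like a parse failure, `if (!(tmp_url = php_url_parse_ex(str, len)) || !tmp_url->path) { ... RETURN_FALSE; }` (freeing tmp_url when it was allocated). As a style point the macro both hides a `return` from the enclosing PHP_FUNCTION and expands to a bare `if` without a `do { } while (0)` wrapper, so `if (x) PHP_CURL_CHECK_OPEN_BASEDIR(...); else ...` would bind the `else` to the macro's inner `if`; a `static int` helper returning 0/-1 with the callers doing `RETURN_FALSE` themselves would keep the control flow visible. The prefix test only recognises URLs spelled exactly `file://`, which is worth stating in a comment above the macro so the scope of the check is not overestimated.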
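Review bot: The curl_setopt check at `if (option == CURLOPT_URL)` inspects only the URL string at the moment it is set, so the enforcement point is the PHP-visible option rather than what libcurl eventually opens; when CURLOPT_FOLLOWLOCATION is enabled, redirects are resolved inside libcurl and a redirect target never passes through this code, which cannot be confirmed as reachable from this hunk but should at least be documented, e.g. `/* open_basedir is enforced for the URL set here only; libcurl-internal redirects are not checked */`. Other string options that name local files (CURLOPT_COOKIEFILE, CURLOPT_COOKIEJAR, if this switch accepts them) flow into the same `copystr` path without any open_basedir check, so the fix for #30609 covers the `file://` scheme but not file paths given as option values. The switch and PHP_FUNCTION(curl_setopt) both begin and end outside the hunk.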