Hmm... you're right, will revert.
Ilia
Rob Richards wrote:
Why are the safe_mode checks required here? As this uses PHP streams, the safe_mode and open_basedir checks should be done from the php_libxml_streams_IO_open_wrapper function which gets called from the libxml2 I/O callbacks. Are these checks somehow getting bypassed?
Rob
Ilia Alshanetsky wrote:
iliaa Sun Apr 17 14:05:04 2005 EDT
Modified files:
/php-src/ext/xmlreader php_xmlreader.c
Log:
Added missing safe_mode & open_basedir checks.
http://cvs.php.net/diff.php/php-src/ext/xmlreader/php_xmlreader.c?r1=1.9&r2=1.10&ty=u
Index: php-src/ext/xmlreader/php_xmlreader.c
diff -u php-src/ext/xmlreader/php_xmlreader.c:1.9 php-src/ext/xmlreader/php_xmlreader.c:1.10
--- php-src/ext/xmlreader/php_xmlreader.c:1.9 Thu Mar 10 17:32:47 2005
+++ php-src/ext/xmlreader/php_xmlreader.c Sun Apr 17 14:05:03 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_xmlreader.c,v 1.9 2005/03/10 22:32:47 rrichards Exp $ */ +/* $Id: php_xmlreader.c,v 1.10 2005/04/17 18:05:03 iliaa Exp $ */
#ifdef HAVE_CONFIG_H #include "config.h" @@ -229,6 +229,14 @@
xmlFreeURI(uri);
+ if (PG(safe_mode) && (!php_checkuid(file_dest, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ return NULL;
+ }
+
+ if (php_check_open_basedir(file_dest TSRMLS_CC)) {
+ return NULL;
+ }
+
return file_dest;
}
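Review bot: The two checks added before `return file_dest;` have no comment explaining why they are needed at this point, and the question raised in the thread, whether php_libxml_streams_IO_open_wrapper already enforces safe_mode and open_basedir when libxml2 opens the file, is not answered by anything in the hunk. If a code path reaches this function's result without going through that wrapper, name it in a short comment above the checks; if none exists, the checks duplicate the wrapper's and should be dropped. Both new failure paths also return a bare NULL, so from these lines the caller cannot tell a policy rejection from whatever other condition already makes this function return NULL; confirm the caller's handling of NULL is the right one for a safe_mode or open_basedir refusal.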