rasmus          Sat May 21 15:46:35 2005 EDT

  Modified files:              (Branch: PHP_4_3)
    /php-src    NEWS 
    /php-src/ext/session        session.c 
  Log:
  Fixed bug #33072 - Add a safemode/open_basedir check for runtime save_path 
  change
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.908&r2=1.1247.2.909&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.908 php-src/NEWS:1.1247.2.909
--- php-src/NEWS:1.1247.2.908   Fri May 20 07:15:33 2005
+++ php-src/NEWS        Sat May 21 15:46:32 2005
@@ -7,6 +7,8 @@
   them sort based on the current locale. (Derick)
 - Changed sha1_file() and md5_file() functions to use streams instead of 
   low level IO. (Uwe)
+- Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path 
+  change) (Rasmus)
 - Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per
   RFC 2616 section 10.3.5) (Rasmus, Choitel)
 - Fixed bug #33019 (socket errors cause memory leaks in php_strerror()). 
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.51&r2=1.336.2.52&ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.336.2.51 
php-src/ext/session/session.c:1.336.2.52
--- php-src/ext/session/session.c:1.336.2.51    Fri May 20 06:28:35 2005
+++ php-src/ext/session/session.c       Sat May 21 15:46:34 2005
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: session.c,v 1.336.2.51 2005/05/20 10:28:35 tony2001 Exp $ */
+/* $Id: session.c,v 1.336.2.52 2005/05/21 19:46:34 rasmus Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -117,6 +117,19 @@
        return SUCCESS;
 }
 
+static PHP_INI_MH(OnUpdateSaveDir) {
+       /* Only do the safemode/open_basedir check at runtime */
+       if(stage == PHP_INI_STAGE_RUNTIME) {
+               if (PG(safe_mode) && (!php_checkuid(new_value, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+                       return FAILURE;
+               }
+
+               if (php_check_open_basedir(new_value TSRMLS_CC)) {
+                       return FAILURE;
+               }
+       }
+       OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, 
mh_arg3, stage TSRMLS_CC);
+}
 
 /* {{{ PHP_INI
  */
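Review bot: OnUpdateSaveDir falls off the end without returning a value. The early exits return FAILURE, but the final statement calls OnUpdateString(...) and discards its result, so when both checks pass the handler's return value is indeterminate and the caller cannot reliably tell whether the update was accepted. The last statement should be `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);`. Separately, the safe_mode/open_basedir checks take new_value as a whole and run only when stage is PHP_INI_STAGE_RUNTIME. If a save_path value can be anything other than a bare directory path, or can be changed at another per-request stage, those cases would presumably skip the check and are worth confirming. A comment above the function stating which stages are deliberately left unchecked, and why, would make that boundary explicit.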
@@ -124,9 +137,9 @@
        STD_PHP_INI_BOOLEAN("session.bug_compat_42",    "1",         
PHP_INI_ALL, OnUpdateBool,   bug_compat,         php_ps_globals,    ps_globals)
        STD_PHP_INI_BOOLEAN("session.bug_compat_warn",  "1",         
PHP_INI_ALL, OnUpdateBool,   bug_compat_warn,    php_ps_globals,    ps_globals)
 #ifdef PHP_WIN32
-       STD_PHP_INI_ENTRY("session.save_path",          "",      PHP_INI_ALL, 
OnUpdateString, save_path,          php_ps_globals,    ps_globals)
+       STD_PHP_INI_ENTRY("session.save_path",          "",          
PHP_INI_ALL, OnUpdateSaveDir,save_path,          php_ps_globals,    ps_globals)
 #else
-       STD_PHP_INI_ENTRY("session.save_path",          "/tmp",      
PHP_INI_ALL, OnUpdateString, save_path,          php_ps_globals,    ps_globals)
+       STD_PHP_INI_ENTRY("session.save_path",          "/tmp",      
PHP_INI_ALL, OnUpdateSaveDir,save_path,          php_ps_globals,    ps_globals)
 #endif
        STD_PHP_INI_ENTRY("session.name",               "PHPSESSID", 
PHP_INI_ALL, OnUpdateString, session_name,       php_ps_globals,    ps_globals)
        PHP_INI_ENTRY("session.save_handler",           "files",     
PHP_INI_ALL, OnUpdateSaveHandler)
