[PHP-CVS] cvs: php-src(PHP_5_1) / NEWS /ext/curl interface.c

Wed, 05 Oct 2005 07:35:44 -0700 

iliaa           Wed Oct  5 10:35:31 2005 EDT

  Modified files:              (Branch: PHP_5_1)
    /php-src/ext/curl   interface.c 
    /php-src    NEWS 
  Log:
  MFH: Missing safe_mode/open_basedir checks for file uploads.
  
  
http://cvs.php.net/diff.php/php-src/ext/curl/interface.c?r1=1.62&r2=1.62.2.1&ty=u
Index: php-src/ext/curl/interface.c
diff -u php-src/ext/curl/interface.c:1.62 php-src/ext/curl/interface.c:1.62.2.1
--- php-src/ext/curl/interface.c:1.62   Wed Aug  3 10:06:44 2005
+++ php-src/ext/curl/interface.c        Wed Oct  5 10:35:30 2005
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: interface.c,v 1.62 2005/08/03 14:06:44 sniper Exp $ */
+/* $Id: interface.c,v 1.62.2.1 2005/10/05 14:35:30 iliaa Exp $ */
 
 #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
 
@@ -1146,10 +1146,15 @@
                                         * must be explicitly cast to long in 
curl_formadd
                                         * use since curl needs a long not an 
int. */
                                        if (*postval == '@') {
+                                               ++postval;
+                                               /* safe_mode / open_basedir 
check */
+                                               if 
(php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && 
!php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+                                                       RETURN_FALSE;
+                                               }
                                                error = curl_formadd(&first, 
&last, 
                                                                                
         CURLFORM_COPYNAME, string_key,
                                                                                
         CURLFORM_NAMELENGTH, (long)string_key_len - 1,
-                                                                               
         CURLFORM_FILE, ++postval, 
+                                                                               
         CURLFORM_FILE, postval, 
                                                                                
         CURLFORM_END);
                                        } else {
                                                error = curl_formadd(&first, 
&last, 
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.2027.2.93&r2=1.2027.2.94&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.93 php-src/NEWS:1.2027.2.94
--- php-src/NEWS:1.2027.2.93    Tue Oct  4 20:43:38 2005
+++ php-src/NEWS        Wed Oct  5 10:35:30 2005
@@ -30,6 +30,7 @@
   . ext/oracle (Jani, Derick)
   . ext/ovrimos (Jani, Derick, Pierre)
   . ext/pfpro (Jani, Derick, Pierre)
+- Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
 - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
 - Fixed potential GLOBALS overwrite via import_request_variables() and
   possible crash and/or memory corruption. (Ilia)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to