iliaa Wed Oct 5 10:35:31 2005 EDT Modified files: (Branch: PHP_5_1) /php-src/ext/curl interface.c /php-src NEWS Log: MFH: Missing safe_mode/open_basedir checks for file uploads. http://cvs.php.net/diff.php/php-src/ext/curl/interface.c?r1=1.62&r2=1.62.2.1&ty=u Index: php-src/ext/curl/interface.c diff -u php-src/ext/curl/interface.c:1.62 php-src/ext/curl/interface.c:1.62.2.1 --- php-src/ext/curl/interface.c:1.62 Wed Aug 3 10:06:44 2005 +++ php-src/ext/curl/interface.c Wed Oct 5 10:35:30 2005 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: interface.c,v 1.62 2005/08/03 14:06:44 sniper Exp $ */ +/* $Id: interface.c,v 1.62.2.1 2005/10/05 14:35:30 iliaa Exp $ */ #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS @@ -1146,10 +1146,15 @@ * must be explicitly cast to long in curl_formadd * use since curl needs a long not an int. */ if (*postval == '@') { + ++postval; + /* safe_mode / open_basedir check */ + if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } error = curl_formadd(&first, &last, CURLFORM_COPYNAME, string_key, CURLFORM_NAMELENGTH, (long)string_key_len - 1, - CURLFORM_FILE, ++postval, + CURLFORM_FILE, postval, CURLFORM_END); } else { error = curl_formadd(&first, &last, http://cvs.php.net/diff.php/php-src/NEWS?r1=1.2027.2.93&r2=1.2027.2.94&ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.93 php-src/NEWS:1.2027.2.94 --- php-src/NEWS:1.2027.2.93 Tue Oct 4 20:43:38 2005 +++ php-src/NEWS Wed Oct 5 10:35:30 2005 @@ -30,6 +30,7 @@ . ext/oracle (Jani, Derick) . ext/ovrimos (Jani, Derick, Pierre) . ext/pfpro (Jani, Derick, Pierre) +- Added missing safe_mode/open_basedir checks for file uploads. (Ilia) - Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia) - Fixed potential GLOBALS overwrite via import_request_variables() and possible crash and/or memory corruption. (Ilia)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php