iliaa Mon Oct 31 18:47:27 2005 EDT Modified files: (Branch: PHP_4_4) /php-src/ext/curl curl.c /php-src NEWS Log: MFH: Additional open_basedir/safe_mode checks. http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30.2.3&r2=1.124.2.30.2.4&ty=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.3 php-src/ext/curl/curl.c:1.124.2.30.2.4 --- php-src/ext/curl/curl.c:1.124.2.30.2.3 Sun Oct 16 22:42:51 2005 +++ php-src/ext/curl/curl.c Mon Oct 31 18:47:21 2005 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: curl.c,v 1.124.2.30.2.3 2005/10/17 02:42:51 iliaa Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.4 2005/10/31 23:47:21 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -76,7 +76,7 @@ RETURN_FALSE; \ } \ \ - if (tmp_url->query || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ + if (tmp_url->query || tmp_url->fragment || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM)) \ ) { \ php_url_free(tmp_url); \ http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.63&r2=1.1247.2.920.2.64&ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.63 php-src/NEWS:1.1247.2.920.2.64 --- php-src/NEWS:1.1247.2.920.2.63 Sun Oct 30 05:55:20 2005 +++ php-src/NEWS Mon Oct 31 18:47:24 2005 @@ -1,6 +1,7 @@ PHP 4 NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2006, Version 4.4.2 +- Missing safe_mode/open_basedir check in cURL extension. (Ilia) - Fixed bug #34996 (ImageTrueColorToPalette() crashes when ncolors is zero). (Tony)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php