iliaa Mon Oct 31 18:47:27 2005 EDT
Modified files: (Branch: PHP_4_4)
/php-src/ext/curl curl.c
/php-src NEWS
Log:
MFH: Additional open_basedir/safe_mode checks.
http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30.2.3&r2=1.124.2.30.2.4&ty=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.3
php-src/ext/curl/curl.c:1.124.2.30.2.4
--- php-src/ext/curl/curl.c:1.124.2.30.2.3 Sun Oct 16 22:42:51 2005
+++ php-src/ext/curl/curl.c Mon Oct 31 18:47:21 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: curl.c,v 1.124.2.30.2.3 2005/10/17 02:42:51 iliaa Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.4 2005/10/31 23:47:21 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -76,7 +76,7 @@
RETURN_FALSE;
\
}
\
\
- if (tmp_url->query || php_check_open_basedir(tmp_url->path
TSRMLS_CC) ||
\
+ if (tmp_url->query || tmp_url->fragment ||
php_check_open_basedir(tmp_url->path TSRMLS_CC) ||
\
(PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+",
CHECKUID_CHECK_MODE_PARAM)) \
) {
\
php_url_free(tmp_url);
\
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.63&r2=1.1247.2.920.2.64&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.63 php-src/NEWS:1.1247.2.920.2.64
--- php-src/NEWS:1.1247.2.920.2.63 Sun Oct 30 05:55:20 2005
+++ php-src/NEWS Mon Oct 31 18:47:24 2005
@@ -1,6 +1,7 @@
PHP 4 NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2006, Version 4.4.2
+- Missing safe_mode/open_basedir check in cURL extension. (Ilia)
- Fixed bug #34996 (ImageTrueColorToPalette() crashes when ncolors is
zero). (Tony)
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
