[PHP-CVS] cvs: php-src /ext/gd gd.c gd_ctx.c php_gd.h

Tue, 01 Nov 2005 09:04:53 -0800 

sniper          Tue Nov  1 12:04:32 2005 EDT

  Modified files:              
    /php-src/ext/gd     gd.c gd_ctx.c php_gd.h 
  Log:
  
  
http://cvs.php.net/diff.php/php-src/ext/gd/gd.c?r1=1.318&r2=1.319&ty=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.318 php-src/ext/gd/gd.c:1.319
--- php-src/ext/gd/gd.c:1.318   Thu Oct 27 07:07:39 2005
+++ php-src/ext/gd/gd.c Tue Nov  1 12:04:27 2005
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: gd.c,v 1.318 2005/10/27 11:07:39 pajoye Exp $ */
+/* $Id: gd.c,v 1.319 2005/11/01 17:04:27 sniper Exp $ */
 
 /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
    Cold Spring Harbor Labs. */
@@ -692,7 +692,7 @@
 
        convert_to_string_ex(file);
 
-       stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", IGNORE_PATH | 
IGNORE_URL_WIN | REPORT_ERRORS, NULL);
+       stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", 
ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
        if (stream == NULL) {
                RETURN_FALSE;
        }
@@ -1505,7 +1505,7 @@
 
        fn = Z_STRVAL_PP(file);
 
-       stream = php_stream_open_wrapper(fn, "rb", 
REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+       stream = php_stream_open_wrapper(fn, "rb", 
ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
        if (stream == NULL)     {
                RETURN_FALSE;
        }
@@ -1713,10 +1713,7 @@
        }
 
        if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-               if (!fn || php_check_open_basedir(fn TSRMLS_CC) || 
(PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 
filename '%s'", fn);
-                       RETURN_FALSE;
-               }
+               PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
 
                fp = VCWD_FOPEN(fn, "wb");
                if (!fp) {
@@ -3809,16 +3806,10 @@
        }
 
        /* Check origin file */
-       if (!fn_org || php_check_open_basedir(fn_org TSRMLS_CC)) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid origin 
filename '%s'", fn_org);
-               RETURN_FALSE;
-       }
+       PHP_GD_CHECK_OPEN_BASEDIR(fn_org, "Invalid origin filename");
 
        /* Check destination file */
-       if (!fn_dest || php_check_open_basedir(fn_dest TSRMLS_CC)) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 
destination filename '%s'", fn_dest);
-               RETURN_FALSE;
-       }
+       PHP_GD_CHECK_OPEN_BASEDIR(fn_dest, "Invalid destination filename");
 
        /* Open origin file */
        org = VCWD_FOPEN(fn_org, "rb");
http://cvs.php.net/diff.php/php-src/ext/gd/gd_ctx.c?r1=1.24&r2=1.25&ty=u
Index: php-src/ext/gd/gd_ctx.c
diff -u php-src/ext/gd/gd_ctx.c:1.24 php-src/ext/gd/gd_ctx.c:1.25
--- php-src/ext/gd/gd_ctx.c:1.24        Sat Oct  8 15:29:04 2005
+++ php-src/ext/gd/gd_ctx.c     Tue Nov  1 12:04:29 2005
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: gd_ctx.c,v 1.24 2005/10/08 19:29:04 pajoye Exp $ */
+/* $Id: gd_ctx.c,v 1.25 2005/11/01 17:04:29 sniper Exp $ */
 
 #include "php_gd.h"
 
@@ -81,10 +81,8 @@
                }
        }
        if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-               if (!fn || php_check_open_basedir(fn TSRMLS_CC) || 
(PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
-                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 
filename '%s'", fn);
-                       RETURN_FALSE;
-               }
+
+               PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
 
                fp = VCWD_FOPEN(fn, "wb");
                if (!fp) {
http://cvs.php.net/diff.php/php-src/ext/gd/php_gd.h?r1=1.60&r2=1.61&ty=u
Index: php-src/ext/gd/php_gd.h
diff -u php-src/ext/gd/php_gd.h:1.60 php-src/ext/gd/php_gd.h:1.61
--- php-src/ext/gd/php_gd.h:1.60        Sun Oct  2 14:01:50 2005
+++ php-src/ext/gd/php_gd.h     Tue Nov  1 12:04:29 2005
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: php_gd.h,v 1.60 2005/10/02 18:01:50 pajoye Exp $ */
+/* $Id: php_gd.h,v 1.61 2005/11/01 17:04:29 sniper Exp $ */
 
 #ifndef PHP_GD_H
 #define PHP_GD_H
@@ -30,6 +30,15 @@
 
 #if HAVE_LIBGD
 
+/* open_basedir and safe_mode checks */
+#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg)                          
         \
+       if (!filename || php_check_open_basedir(filename TSRMLS_CC) ||          
            \
+               (PG(safe_mode) && !php_checkuid(filename, "rb+", 
CHECKUID_CHECK_FILE_AND_DIR))  \
+       ) {                                                                     
            \
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg);          
                \
+               RETURN_FALSE;                                                   
                \
+       }
+
 #define PHP_GDIMG_TYPE_GIF      1
 #define PHP_GDIMG_TYPE_PNG      2
 #define PHP_GDIMG_TYPE_JPG      3

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to