sniper Tue Nov 1 12:04:32 2005 EDT Modified files: /php-src/ext/gd gd.c gd_ctx.c php_gd.h Log: http://cvs.php.net/diff.php/php-src/ext/gd/gd.c?r1=1.318&r2=1.319&ty=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.318 php-src/ext/gd/gd.c:1.319
--- php-src/ext/gd/gd.c:1.318 Thu Oct 27 07:07:39 2005
+++ php-src/ext/gd/gd.c Tue Nov 1 12:04:27 2005
@@ -18,7 +18,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: gd.c,v 1.318 2005/10/27 11:07:39 pajoye Exp $ */
+/* $Id: gd.c,v 1.319 2005/11/01 17:04:27 sniper Exp $ */
 /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center, Cold Spring Harbor Labs. */
@@ -692,7 +692,7 @@
 convert_to_string_ex(file);
- stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
+ stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
 if (stream == NULL) {
 RETURN_FALSE;
 }
@@ -1505,7 +1505,7 @@
 fn = Z_STRVAL_PP(file);
- stream = php_stream_open_wrapper(fn, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+ stream = php_stream_open_wrapper(fn, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
 if (stream == NULL) {
 RETURN_FALSE;
 }
@@ -1713,10 +1713,7 @@
 }
 if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
 fp = VCWD_FOPEN(fn, "wb");
 if (!fp) {
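Review bot: The read paths at @@ -692 and @@ -1505 now spell the same four open flags by hand in different order and spacing (`ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS` versus `ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN`), so one copy can lose the safe_mode bit again without the other changing. I would define the set once next to the new macro in php_gd.h, for example `#define PHP_GD_STREAM_OPEN_FLAGS (ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS)` (the name is only a suggestion), and pass it at both calls. Both enclosing functions start and end outside the hunks, so any other `php_stream_open_wrapper` call in gd.c is not visible here and may need the same flag.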
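Review bot: The warning raised at @@ -1713 no longer names the rejected path: the removed code formatted `"Invalid filename '%s'", fn`, while `PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename")` passes only the fixed text, and the same holds at @@ -3809 (origin and destination) and at @@ -81 in gd_ctx.c. If the path is meant to stay in the message, the call inside the macro could become `php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s '%s'", errormsg, filename ? filename : "");`, which also avoids handing a NULL pointer to `%s` as the removed code could. At @@ -3809 the macro additionally applies the safe_mode `php_checkuid` test where the removed lines checked only open_basedir; no log text is visible on this page, and that behaviour change deserves a sentence there. The enclosing functions continue outside the hunks.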
@@ -3809,16 +3806,10 @@
 }
 /* Check origin file */
- if (!fn_org || php_check_open_basedir(fn_org TSRMLS_CC)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid origin filename '%s'", fn_org);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn_org, "Invalid origin filename");
 /* Check destination file */
- if (!fn_dest || php_check_open_basedir(fn_dest TSRMLS_CC)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid destination filename '%s'", fn_dest);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn_dest, "Invalid destination filename");
 /* Open origin file */
 org = VCWD_FOPEN(fn_org, "rb");
http://cvs.php.net/diff.php/php-src/ext/gd/gd_ctx.c?r1=1.24&r2=1.25&ty=u
Index: php-src/ext/gd/gd_ctx.c
diff -u php-src/ext/gd/gd_ctx.c:1.24 php-src/ext/gd/gd_ctx.c:1.25
--- php-src/ext/gd/gd_ctx.c:1.24 Sat Oct 8 15:29:04 2005
+++ php-src/ext/gd/gd_ctx.c Tue Nov 1 12:04:29 2005
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: gd_ctx.c,v 1.24 2005/10/08 19:29:04 pajoye Exp $ */
+/* $Id: gd_ctx.c,v 1.25 2005/11/01 17:04:29 sniper Exp $ */
 #include "php_gd.h"
@@ -81,10 +81,8 @@
 }
 }
 if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
- RETURN_FALSE;
- }
+
+ PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
 fp = VCWD_FOPEN(fn, "wb");
 if (!fp) {
http://cvs.php.net/diff.php/php-src/ext/gd/php_gd.h?r1=1.60&r2=1.61&ty=u
Index: php-src/ext/gd/php_gd.h
diff -u php-src/ext/gd/php_gd.h:1.60 php-src/ext/gd/php_gd.h:1.61
--- php-src/ext/gd/php_gd.h:1.60 Sun Oct 2 14:01:50 2005
+++ php-src/ext/gd/php_gd.h Tue Nov 1 12:04:29 2005
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: php_gd.h,v 1.60 2005/10/02 18:01:50 pajoye Exp $ */
+/* $Id: php_gd.h,v 1.61 2005/11/01 17:04:29 sniper Exp $ */
 #ifndef PHP_GD_H
 #define PHP_GD_H
@@ -30,6 +30,15 @@
 #if HAVE_LIBGD
+/* open_basedir and safe_mode checks */
+#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
+ if (!filename || php_check_open_basedir(filename TSRMLS_CC) || \
+ (PG(safe_mode) && !php_checkuid(filename, "rb+", CHECKUID_CHECK_FILE_AND_DIR)) \
+ ) { \
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \
+ RETURN_FALSE; \
+ }
+
 #define PHP_GDIMG_TYPE_GIF 1
 #define PHP_GDIMG_TYPE_PNG 2
 #define PHP_GDIMG_TYPE_JPG 3
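Review bot: `PHP_GD_CHECK_OPEN_BASEDIR` at @@ -30 expands to a bare `if (...) { ... }`, so a call placed under an unbraced `if`/`else` would capture the following `else`, and the `;` written at each call site becomes an empty statement; wrapping the body in `do { ... } while (0)` removes both hazards. The arguments are used unparenthesized (`!filename`), and `errormsg` is passed as the format string of `php_error_docref`; the call sites in this commit pass literals, but `php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", errormsg);` keeps a later non-literal caller from turning it into a format-string bug. The name mentions only open_basedir although the macro also runs the safe_mode `php_checkuid` test and returns from the calling function, so the comment above it should state both.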