[PHP-CVS] cvs: php-src(PHP_5_1) /ext/gd gd.c

Tue, 17 Jan 2006 15:47:30 -0800 

tony2001                Tue Jan 17 23:47:09 2006 UTC

  Modified files:              (Branch: PHP_5_1)
    /php-src/ext/gd     gd.c 
  Log:
  MFH: improve open_basedir checks in GD
  
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/gd/gd.c?r1=1.312.2.15&r2=1.312.2.16&diff_format=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.312.2.15 php-src/ext/gd/gd.c:1.312.2.16
--- php-src/ext/gd/gd.c:1.312.2.15      Tue Jan 17 19:04:06 2006
+++ php-src/ext/gd/gd.c Tue Jan 17 23:47:08 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: gd.c,v 1.312.2.15 2006/01/17 19:04:06 pajoye Exp $ */
+/* $Id: gd.c,v 1.312.2.16 2006/01/17 23:47:08 tony2001 Exp $ */
 
 /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
    Cold Spring Harbor Labs. */
@@ -3201,6 +3201,8 @@
        fontname = (unsigned char *) fontname;
 #endif
 
+       PHP_GD_CHECK_OPEN_BASEDIR(fontname, "Invalid font filename");
+       
 #ifdef USE_GD_IMGSTRTTF
 # if HAVE_GD_STRINGFTEX
        if (extended) {

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to