[PHP-CVS] cvs: php-src /ext/gd gd.c

[Antony Dovgal]

tony2001                Tue Jan 17 23:49:14 2006 UTC

  Modified files:              
    /php-src/ext/gd     gd.c 
  Log:
  improve open_basedir checks in GD
  
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/gd/gd.c?r1=1.339&r2=1.340&diff_format=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.339 php-src/ext/gd/gd.c:1.340
--- php-src/ext/gd/gd.c:1.339   Tue Jan 17 16:34:58 2006
+++ php-src/ext/gd/gd.c Tue Jan 17 23:49:14 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: gd.c,v 1.339 2006/01/17 16:34:58 pajoye Exp $ */
+/* $Id: gd.c,v 1.340 2006/01/17 23:49:14 tony2001 Exp $ */
 
 /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
    Cold Spring Harbor Labs. */
@@ -2966,6 +2966,8 @@
        fontname = (unsigned char *) fontname;
 #endif
 
+       PHP_GD_CHECK_OPEN_BASEDIR(fontname, "Invalid font filename");
+       
 #ifdef USE_GD_IMGSTRTTF
 # if HAVE_GD_STRINGFTEX
        if (extended) {

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php