tony2001 Tue Jan 31 10:57:52 2006 UTC Modified files: (Branch: PHP_4_4) /php-src NEWS /php-src/ext/curl curl.c Log: fix #36223 (curl bypasses open_basedir restrictions) http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.1247.2.920.2.113&r2=1.1247.2.920.2.114&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.113 php-src/NEWS:1.1247.2.920.2.114 --- php-src/NEWS:1.1247.2.920.2.113 Thu Jan 26 15:47:31 2006 +++ php-src/NEWS Tue Jan 31 10:57:52 2006 @@ -2,6 +2,7 @@ ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2006, Version 4.4.3 - Added a check for special characters in the session name. (Ilia) +- Fixed bug #36223 (curl bypasses open_basedir restrictions). (Tony) - Fixed bug #36148 (unpack("H*hex", $data) is adding an extra character to the end of the string). (Ilia) - Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony) http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.8&r2=1.124.2.30.2.9&diff_format=u Index: php-src/ext/curl/curl.c diff -u php-src/ext/curl/curl.c:1.124.2.30.2.8 php-src/ext/curl/curl.c:1.124.2.30.2.9 --- php-src/ext/curl/curl.c:1.124.2.30.2.8 Thu Jan 26 13:23:50 2006 +++ php-src/ext/curl/curl.c Tue Jan 31 10:57:52 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: curl.c,v 1.124.2.30.2.8 2006/01/26 13:23:50 mike Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.9 2006/01/31 10:57:52 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -159,7 +159,7 @@ #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \ if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \ - strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \ + strncasecmp(str, "file:", sizeof("file:") - 1) == 0) \ { \ php_url *tmp_url; \ \
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php