andi Sun Feb 19 01:19:37 2006 UTC Modified files: /php-src/main fopen_wrappers.c fopen_wrappers.h /php-src/main/streams plain_wrapper.c Log: Nuke php_check_safe_mode_include_dir http://cvs.php.net/viewcvs.cgi/php-src/main/fopen_wrappers.c?r1=1.178&r2=1.179&diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.178 php-src/main/fopen_wrappers.c:1.179 --- php-src/main/fopen_wrappers.c:1.178 Sun Feb 19 01:10:13 2006 +++ php-src/main/fopen_wrappers.c Sun Feb 19 01:19:37 2006 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fopen_wrappers.c,v 1.178 2006/02/19 01:10:13 andi Exp $ */ +/* $Id: fopen_wrappers.c,v 1.179 2006/02/19 01:19:37 andi Exp $ */ /* {{{ includes */ @@ -187,55 +187,6 @@ } /* }}} */ -/* {{{ php_check_safe_mode_include_dir - */ -PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC) -{ - if (PG(safe_mode)) { - if (PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) { - char *pathbuf; - char *ptr; - char *end; - char resolved_name[MAXPATHLEN]; - - /* Resolve the real path into resolved_name */ - if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) - return -1; - - pathbuf = estrdup(PG(safe_mode_include_dir)); - - ptr = pathbuf; - - while (ptr && *ptr) { - end = strchr(ptr, DEFAULT_DIR_SEPARATOR); - if (end != NULL) { - *end = '\0'; - end++; - } - - /* Check the path */ -#ifdef PHP_WIN32 - if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0) -#else - if (strncmp(ptr, resolved_name, strlen(ptr)) == 0) -#endif - { - /* File is in the right directory */ - efree(pathbuf); - return 0; - } - - ptr = end; - } - efree(pathbuf); - } - return -1; - } - - /* Nothing to check... */ - return 0; -} -/* }}} */ /* {{{ php_fopen_and_set_opened_path */ @@ -387,16 +338,9 @@ * safe mode GID/UID checks */ - /* Absolute path open */ - if (IS_ABSOLUTE_PATH(filename, filename_length)) { - if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) - /* filename is in safe_mode_include_dir (or subdir) */ - return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); - - return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); - } - - if (!path || (path && !*path)) { + /* Absolute path open */ + /* FIXME: Andi - Do we actually need the if()? */ + if (IS_ABSOLUTE_PATH(filename, filename_length) || (!path || (path && !*path))) { return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } @@ -434,20 +378,7 @@ end++; } snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename); - if (PG(safe_mode)) { - if (VCWD_STAT(trypath, &sb) == 0) { - /* file exists ... check permission */ - if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || - php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) - /* UID ok, or trypath is in safe_mode_include_dir */ - fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC); - else - fp = NULL; - - efree(pathbuf); - return fp; - } - } + fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC); if (fp) { efree(pathbuf); http://cvs.php.net/viewcvs.cgi/php-src/main/fopen_wrappers.h?r1=1.45&r2=1.46&diff_format=u Index: php-src/main/fopen_wrappers.h diff -u php-src/main/fopen_wrappers.h:1.45 php-src/main/fopen_wrappers.h:1.46 --- php-src/main/fopen_wrappers.h:1.45 Sun Jan 1 13:09:57 2006 +++ php-src/main/fopen_wrappers.h Sun Feb 19 01:19:37 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fopen_wrappers.h,v 1.45 2006/01/01 13:09:57 sniper Exp $ */ +/* $Id: fopen_wrappers.h,v 1.46 2006/02/19 01:19:37 andi Exp $ */ #ifndef FOPEN_WRAPPERS_H #define FOPEN_WRAPPERS_H @@ -31,8 +31,6 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC); PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path TSRMLS_DC); -PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC); - PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **opened_path TSRMLS_DC); PHPAPI int php_is_url(char *path); http://cvs.php.net/viewcvs.cgi/php-src/main/streams/plain_wrapper.c?r1=1.60&r2=1.61&diff_format=u Index: php-src/main/streams/plain_wrapper.c diff -u php-src/main/streams/plain_wrapper.c:1.60 php-src/main/streams/plain_wrapper.c:1.61 --- php-src/main/streams/plain_wrapper.c:1.60 Sun Feb 19 01:10:13 2006 +++ php-src/main/streams/plain_wrapper.c Sun Feb 19 01:19:37 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: plain_wrapper.c,v 1.60 2006/02/19 01:10:13 andi Exp $ */ +/* $Id: plain_wrapper.c,v 1.61 2006/02/19 01:19:37 andi Exp $ */ #include "php.h" #include "php_globals.h" @@ -1210,10 +1210,6 @@ return NULL; } - if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) - /* filename is in safe_mode_include_dir (or subdir) */ - return php_stream_fopen_rel(filename, mode, opened_path, options); - return php_stream_fopen_rel(filename, mode, opened_path, options); } @@ -1232,9 +1228,6 @@ if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(trypath TSRMLS_CC)) { return NULL; } - if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC)) == 0) { - return php_stream_fopen_rel(trypath, mode, opened_path, options); - } return php_stream_fopen_rel(trypath, mode, opened_path, options); } @@ -1289,19 +1282,6 @@ continue; } - if (PG(safe_mode)) { - if (VCWD_STAT(trypath, &sb) == 0) { - /* file exists ... check permission */ - if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || - php_checkuid_ex(trypath, mode, CHECKUID_CHECK_MODE_PARAM, CHECKUID_NO_ERRORS)) { - /* UID ok, or trypath is in safe_mode_include_dir */ - stream = php_stream_fopen_rel(trypath, mode, opened_path, options); - goto stream_done; - } - } - ptr = end; - continue; - } stream = php_stream_fopen_rel(trypath, mode, opened_path, options); if (stream) { stream_done:
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php