iliaa Sat Sep 16 18:30:03 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/pdo_sqlite sqlite_driver.c
/php-src/ext/standard link.c
Log:
Additional expand_filepath() checks
http://cvs.php.net/viewvc.cgi/php-src/ext/pdo_sqlite/sqlite_driver.c?r1=1.20.2.5&r2=1.20.2.5.2.1&diff_format=u
Index: php-src/ext/pdo_sqlite/sqlite_driver.c
diff -u php-src/ext/pdo_sqlite/sqlite_driver.c:1.20.2.5
php-src/ext/pdo_sqlite/sqlite_driver.c:1.20.2.5.2.1
--- php-src/ext/pdo_sqlite/sqlite_driver.c:1.20.2.5 Sun Jan 1 12:50:12 2006
+++ php-src/ext/pdo_sqlite/sqlite_driver.c Sat Sep 16 18:30:03 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: sqlite_driver.c,v 1.20.2.5 2006/01/01 12:50:12 sniper Exp $ */
+/* $Id: sqlite_driver.c,v 1.20.2.5.2.1 2006/09/16 18:30:03 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -642,6 +642,10 @@
if (strncmp(filename, ":memory:", sizeof(":memory:")-1)) {
char *fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+ if (!fullpath) {
+ return NULL;
+ }
+
if (PG(safe_mode) && (!php_checkuid(fullpath, NULL,
CHECKUID_CHECK_FILE_AND_DIR))) {
efree(fullpath);
return NULL;
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.52.2.1&r2=1.52.2.1.2.1&diff_format=u
Index: php-src/ext/standard/link.c
diff -u php-src/ext/standard/link.c:1.52.2.1
php-src/ext/standard/link.c:1.52.2.1.2.1
--- php-src/ext/standard/link.c:1.52.2.1 Sun Jan 1 12:50:15 2006
+++ php-src/ext/standard/link.c Sat Sep 16 18:30:03 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: link.c,v 1.52.2.1 2006/01/01 12:50:15 sniper Exp $ */
+/* $Id: link.c,v 1.52.2.1.2.1 2006/09/16 18:30:03 iliaa Exp $ */
#include "php.h"
#include "php_filestat.h"
@@ -122,14 +122,15 @@
convert_to_string_ex(topath);
convert_to_string_ex(frompath);
- expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC);
- expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC);
+ if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) ||
!expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
if (php_stream_locate_url_wrapper(source_p, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ||
php_stream_locate_url_wrapper(dest_p, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) )
{
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to symlink
to a URL");
- RETURN_FALSE;
+ RETURN_FALSE;
}
if (PG(safe_mode) && !php_checkuid(dest_p, NULL,
CHECKUID_CHECK_FILE_AND_DIR)) {
@@ -177,14 +178,15 @@
convert_to_string_ex(topath);
convert_to_string_ex(frompath);
- expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC);
- expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC);
+ if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) ||
!expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
if (php_stream_locate_url_wrapper(source_p, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ||
php_stream_locate_url_wrapper(dest_p, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) )
{
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to link to
a URL");
- RETURN_FALSE;
+ RETURN_FALSE;
}
if (PG(safe_mode) && !php_checkuid(dest_p, NULL,
CHECKUID_CHECK_FILE_AND_DIR)) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
